go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=1...
Submission: On January 25 via manual (January 25th 2022, 6:38:18 pm UTC) from CA — Scanned from CA

Summary HTTP 133 Redirects Behaviour Indicators

Summary

This website contacted 47 IPs in 4 countries across 44 domains to perform 133 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is go.behindthemarkets.com.
TLS certificate: Issued by R3 on December 6th 2021. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	35.202.21.90 35.202.21.90	15169 (GOOGLE) (GOOGLE)
3	34.107.203.240 34.107.203.240	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
1	34.120.142.1 34.120.142.1	15169 (GOOGLE) (GOOGLE)
51	2607:f8b0:400... 2607:f8b0:4006:820::2001	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80f::2013	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2008	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:820::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3037::6815:55f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	178.250.2.130 178.250.2.130	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	195.181.168.47 195.181.168.47	60068 (CDN77 ^_^) (CDN77 ^_^)
4	35.192.151.63 35.192.151.63	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:824::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2607:f8b0:402... 2607:f8b0:4023:1404::9b	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80d::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2003	15169 (GOOGLE) (GOOGLE)
4 5	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
5	52.38.14.212 52.38.14.212	16509 (AMAZON-02) (AMAZON-02)
4	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 2	142.250.64.66 142.250.64.66	15169 (GOOGLE) (GOOGLE)
2 3	54.83.13.4 54.83.13.4	14618 (AMAZON-AES) (AMAZON-AES)
4 4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 3	107.178.246.49 107.178.246.49	15169 (GOOGLE) (GOOGLE)
1	2001:4998:14:... 2001:4998:14:800::1001	14777 (YAHOO) (YAHOO)
1	76.13.32.146 76.13.32.146	26101 (YAHOO-BF1) (YAHOO-BF1)
1 2	3.218.90.66 3.218.90.66	14618 (AMAZON-AES) (AMAZON-AES)
1	64.202.112.223 64.202.112.223	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2	23.208.216.126 23.208.216.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.242.231.184 54.242.231.184	14618 (AMAZON-AES) (AMAZON-AES)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
3 4	68.67.160.24 68.67.160.24	29990 (ASN-APPNEX) (ASN-APPNEX)
1	34.102.166.132 34.102.166.132	15169 (GOOGLE) (GOOGLE)
1	124.146.215.4 124.146.215.4	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	23.23.105.100 23.23.105.100	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
1	23.221.200.79 23.221.200.79	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.180.85.76 18.180.85.76	16509 (AMAZON-02) (AMAZON-02)
1 2	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.209.95.124 13.209.95.124	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21e... 2600:9000:21ea:b800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
1	99.84.125.119 99.84.125.119	16509 (AMAZON-02) (AMAZON-02)
1	34.206.177.106 34.206.177.106	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.210.160.53 34.210.160.53	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:112:f002... 2620:112:f002:bbbb::23	6336 (TURN-US-ASN) (TURN-US-ASN)
133	47

1 35.202.21.90 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.203.240 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.lpcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.142.1 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 1.142.120.34.bc.googleusercontent.com

www.behind-the-markets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 2607:f8b0:4006:820::2001 (United States)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80f::2013 (United States)

ASN15169 (GOOGLE, US)

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:820::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::6815:55f5 (United States)

ASN13335 (CLOUDFLARENET, US)

www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.130 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 195.181.168.47 (United States)

ASN60068 (CDN77 ^_^, GB)
PTR: edge-742.bunnyinfra.net

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.192.151.63 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4023:1404::9b (Columbus, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:1::13 (France) 4 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.38.14.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-38-14-212.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.64.66 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.83.13.4 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-13-4.compute-1.amazonaws.com

partner.mediawallahscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.178.246.49 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4998:14:800::1001 (Ashburn, United States)

ASN14777 (YAHOO, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.146 (Lockport, United States)

ASN26101 (YAHOO-BF1, US)
PTR: spdc.pbp.vip.bf1.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.218.90.66 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-218-90-66.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.223 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.208.216.126 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-208-216-126.deploy.static.akamaitechnologies.com

cw.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.242.231.184 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-242-231-184.compute-1.amazonaws.com

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.160.24 (New York, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.166.132 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 132.166.102.34.bc.googleusercontent.com

ad.tpmn.co.kr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.4 (Shibuya, Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

adgen.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.105.100 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-105-100.compute-1.amazonaws.com

cs.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.221.200.79 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-221-200-79.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.180.85.76 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-180-85-76.ap-northeast-1.compute.amazonaws.com

sync.ad-stir.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.52.162.21 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.209.95.124 (Incheon, Korea, Republic Of)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-209-95-124.ap-northeast-2.compute.amazonaws.com

adx.dable.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21ea:b800:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.178.172 (North Charleston, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.125.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-125-119.ewr52.r.cloudfront.net

ad.as.amanad.adtdp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.206.177.106 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-177-106.compute-1.amazonaws.com

trends.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.210.160.53 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-210-160-53.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:112:f002:bbbb::23 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 71	407 KB
19	sumo.com load.sumo.com — Cisco Umbrella Rank: 11462 sumo.com — Cisco Umbrella Rank: 10031	441 KB
11	criteo.com 4 redirects static.criteo.com — Cisco Umbrella Rank: 44206 gum.criteo.com — Cisco Umbrella Rank: 369 mug.criteo.com — Cisco Umbrella Rank: 2864 sslwidget.criteo.com — Cisco Umbrella Rank: 1760 dis.criteo.com — Cisco Umbrella Rank: 691	30 KB
4	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 404	4 KB
4	yahoo.com 1 redirects ads.yahoo.com — Cisco Umbrella Rank: 913 sp.analytics.yahoo.com — Cisco Umbrella Rank: 818 ups.analytics.yahoo.com — Cisco Umbrella Rank: 283	1 KB
4	adsrvr.org 4 redirects match.adsrvr.org — Cisco Umbrella Rank: 329	2 KB
4	leadpages.io api.leadpages.io — Cisco Umbrella Rank: 37310	2 KB
4	gstatic.com fonts.gstatic.com	66 KB
3	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 419	1 KB
3	mediawallahscript.com 2 redirects partner.mediawallahscript.com — Cisco Umbrella Rank: 2306	2 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 96 cm.g.doubleclick.net — Cisco Umbrella Rank: 197	1 KB
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 205	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 287	1 KB
2	casalemedia.com 1 redirects r.casalemedia.com — Cisco Umbrella Rank: 1974	2 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 389	736 B
2	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 552	862 B
2	addthis.com cw.addthis.com — Cisco Umbrella Rank: 1338	854 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	498 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	114 KB
2	behindthemarkets-btm.com www.behindthemarkets-btm.com	20 KB
2	center.io js.center.io — Cisco Umbrella Rank: 42931	8 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	2 KB
2	leadpages.net static.leadpages.net — Cisco Umbrella Rank: 39607	93 KB
1	turn.com 1 redirects d.turn.com — Cisco Umbrella Rank: 880	418 B
1	revcontent.com trends.revcontent.com — Cisco Umbrella Rank: 2009	336 B
1	adtdp.com ad.as.amanad.adtdp.com — Cisco Umbrella Rank: 2028	882 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 707	242 B
1	dable.io adx.dable.io — Cisco Umbrella Rank: 13782	142 B
1	ad-stir.com sync.ad-stir.com — Cisco Umbrella Rank: 2696	454 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 516	854 B
1	adingo.jp cs.adingo.jp — Cisco Umbrella Rank: 3239	413 B
1	socdm.com adgen.socdm.com — Cisco Umbrella Rank: 7393	827 B
1	tpmn.co.kr ad.tpmn.co.kr — Cisco Umbrella Rank: 3546	600 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 312	786 B
1	kargo.com crb.kargo.com — Cisco Umbrella Rank: 1519	504 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 758	476 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 316	448 B
1	google.ca www.google.ca — Cisco Umbrella Rank: 7861	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 13	501 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	51 KB
1	lpcontent.net embed.lpcontent.net — Cisco Umbrella Rank: 58640	15 KB
1	behind-the-markets.com www.behind-the-markets.com	18 KB
1	behindthemarkets.com go.behindthemarkets.com	55 KB
133	44

	Domain	Requested by
51	lh3.googleusercontent.com	go.behindthemarkets.com
14	load.sumo.com	go.behindthemarkets.com load.sumo.com
5	sumo.com	load.sumo.com
5	gum.criteo.com	4 redirects static.criteo.com
4	secure.adnxs.com	3 redirects
4	match.adsrvr.org	4 redirects
4	api.leadpages.io	js.center.io embed.lpcontent.net
4	fonts.gstatic.com	fonts.googleapis.com
3	pixel.tapad.com	2 redirects
3	partner.mediawallahscript.com	2 redirects
3	dis.criteo.com
2	dpm.demdex.net	1 redirects
2	x.bidswitch.net	1 redirects
2	r.casalemedia.com	1 redirects
2	eb2.3lift.com	1 redirects
2	simage2.pubmatic.com
2	cw.addthis.com
2	ups.analytics.yahoo.com	1 redirects
2	cm.g.doubleclick.net	2 redirects
2	www.facebook.com	go.behindthemarkets.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	go.behindthemarkets.com connect.facebook.net
2	www.behindthemarkets-btm.com	www.googletagmanager.com www.behindthemarkets-btm.com
2	js.center.io	go.behindthemarkets.com js.center.io
2	fonts.googleapis.com	go.behindthemarkets.com client
2	static.leadpages.net	go.behindthemarkets.com static.leadpages.net
1	d.turn.com	1 redirects
1	trends.revcontent.com
1	ad.as.amanad.adtdp.com
1	s.ad.smaato.net
1	adx.dable.io
1	sync.ad-stir.com
1	contextual.media.net
1	cs.adingo.jp
1	adgen.socdm.com
1	ad.tpmn.co.kr
1	pixel.rubiconproject.com
1	crb.kargo.com
1	sync.outbrain.com
1	sp.analytics.yahoo.com
1	ads.yahoo.com
1	idsync.rlcdn.com
1	sslwidget.criteo.com	static.criteo.com
1	mug.criteo.com
1	www.google.ca	go.behindthemarkets.com
1	www.google.com	go.behindthemarkets.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	static.criteo.com	www.googletagmanager.com
1	www.googletagmanager.com	go.behindthemarkets.com
1	embed.lpcontent.net	go.behindthemarkets.com
1	www.behind-the-markets.com	go.behindthemarkets.com
1	go.behindthemarkets.com
133	52

This site contains no links.

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2021-12-06` - `2022-03-06`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2022-01-04` - `2022-04-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
behind-the-markets.com Starfield Secure Certificate Authority - G2	`2022-01-13` - `2022-08-23`	7 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
embed.lpcontent.net GTS CA 1D4	`2022-01-01` - `2022-04-01`	3 months	crt.sh
*.center.io Go Daddy Secure Certificate Authority - G2	`2021-11-22` - `2022-12-24`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-11` - `2022-03-10`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-04` - `2022-02-02`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-04` - `2022-05-04`	a year	crt.sh
*.leadpages.io Go Daddy Secure Certificate Authority - G2	`2021-10-22` - `2022-11-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-07` - `2022-02-23`	2 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2021-10-24` - `2022-11-24`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
*.app.kargo.com Amazon	`2022-01-06` - `2023-02-03`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
ad.tpmn.co.kr GTS CA 1D4	`2021-12-30` - `2022-03-30`	3 months	crt.sh
*.socdm.com GlobalSign RSA OV SSL CA 2018	`2020-04-24` - `2022-06-02`	2 years	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.ad-stir.com AlphaSSL CA - SHA256 - G2	`2021-11-10` - `2022-12-12`	a year	crt.sh
*.dable.io Amazon	`2021-07-11` - `2022-08-09`	a year	crt.sh
s.ad.smaato.net Amazon	`2021-09-21` - `2022-10-20`	a year	crt.sh
*.as.amanad.adtdp.com Amazon	`2021-04-06` - `2022-05-05`	a year	crt.sh
revcontent.com Amazon	`2021-12-21` - `2023-01-19`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11
Frame ID: AA033988AB895C9E2151BED98949B51F
Requests: 98 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 4CA1BA836B705411C9FEF71B35CE5D8E
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: B85FBCDCFF2E538D6603D44BD2EE5E01
Requests: 2 HTTP requests in this frame

Frame: https://idsync.rlcdn.com/397596.gif?partner_uid=UwwYSKSaCldcc6sNbUZjwSp3nlTKLzxs
Frame ID: AF1B39ADB880A3778152902E4323C2C3
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BTM - "Three Words" BEZOS FE Offer

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

133
Requests

90 %
HTTPS

32 %
IPv6

44
Domains

52
Subdomains

47
IPs

4
Countries

1356 kB
Transfer

4222 kB
Size

66
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 81

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=PCELUHxZUDJkblNBWFlkNFQ0QytLNHhNWXR6V2hyN283MllsK0JmdmwvRTBkbCtEQmg2OXJsN1pxeGhYTGNhK05HbnFvbUR6VzQrYnk0V1FtYTRRN1ZQbzdhZWdrK2wwcDZhWXRBaWZKNFpKVzd0NmhFOGpJOHNlNkxOVTdQOHMxdmlyZG9vNGl1dFl5Z251eWtUM1RvK0M4WHRVYzBldGZLNDZBUFIyL2xZU2dWdzJVaEdjQUJQc243WWxPWTdyU1ZUZ3ppNW1zeERDcndZM0VLcWlkakFYaFNJOUhKdUxVZWM5bVdwaHQrWW9Nc3J4SUFWSFIzNU95eWoxM1BESFFsSkZwdHVnK3V0MmZqWGplTUNPZ1VCRXB3QT09fA&cppv=2

Request Chain 85

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397596.gif?partner_uid=UwwYSKSaCldcc6sNbUZjwSp3nlTKLzxs

Request Chain 86

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1GYkZWZnc2enFGR2oteUpFZHNpZWFnTlphQ0hWUmVfc2VKYms0dw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay1GYkZWZnc2enFGR2oteUpFZHNpZWFnTlphQ0hWUmVfc2VKYms0dw&google_tc= HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Request Chain 87

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w&custom=&tag_format=img&tag_action=sync&custom=&cb=265dd040-3eb9-4187-9f1e-1e012dcf2420 HTTP 302
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=265dd040-3eb9-4187-9f1e-1e012dcf2420&final=true&reqid=f4e8b9d0-7e0d-11ec-a7a6-d17b62fa8f81&timestamp=2022-01-25T18%3A38%3A15.021Z HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=vxsrv3i&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vxsrv3i&ttd_tpi=1 HTTP 302
https://partner.mediawallahscript.com/?account_id=2027&partner_id=2051&uid=7737a345-8ee4-4077-9461-3b0d03e902ac&tag_format=img&tag_action=sync&cb=

Request Chain 88

https://pixel.tapad.com/idsync/ex/receive?partner_id=2926&partner_device_id=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2926&partner_device_id=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%252C&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=7737a345-8ee4-4077-9461-3b0d03e902ac&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%2C

Request Chain 91

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-Ph7QNg6zqFGj-yJEdsieagNZaCFdZjJQ1LbNOQ HTTP 302
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-Ph7QNg6zqFGj-yJEdsieagNZaCFdZjJQ1LbNOQ&verify=true

Request Chain 96

https://secure.adnxs.com/setuid?entity=52&code=k-SKtYaA6zqFGj-yJEdsieagNZaCFwHazXRo-bzw&seg=95287 HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-SKtYaA6zqFGj-yJEdsieagNZaCFwHazXRo-bzw%26seg%3D95287

Request Chain 101

https://eb2.3lift.com/xuid?mid=2711&xuid=k-q37lgw6zqFGj-yJEdsieagNZaCF9ZDnjjLKgSQ&dongle=013b HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-q37lgw6zqFGj-yJEdsieagNZaCF9ZDnjjLKgSQ&dongle=013b&gdpr=0&cmp_cs=&us_privacy=

Request Chain 104

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k--sscvg6zqFGj-yJEdsieagNZaCGqhqtx-SETFA HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k--sscvg6zqFGj-yJEdsieagNZaCGqhqtx-SETFA&C=1

Request Chain 107

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-xcHPsQ6zqFGj-yJEdsieagNZaCHHE9aMEwBFMA&expires=30&user_group=5 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-xcHPsQ6zqFGj-yJEdsieagNZaCHHE9aMEwBFMA&expires=30&user_group=5

Request Chain 112

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2868244041230485474

Request Chain 114

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=McypWrhpHcTs02n_7iGU944dGNsU-ont HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=McypWrhpHcTs02n_7iGU944dGNsU-ont

Request Chain 130

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/uHlw0DVd26h_SdWm2ZN-Vx-dFNl_ORmy/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2811942233326911735

133 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
go.behindthemarkets.com/btm-three-words-bezos-fe-offer/ 327 KB
55 KB 168ms
83ms Document
text/html 35.202.21.90
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

0b8dc28b5c381ac9854a7b82c141f9afa84925111748f7f70ec7bdf22734e734

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Tue, 25 Jan 2022 18:38:13 GMT
content-type: text/html
vary: Accept-Encoding
etag: W/"611ab67cd21f4def783516406c265b60"
last-modified: Mon, 27 Dec 2021 16:02:15 GMT
x-cache: MISS, HIT
cache-control: no-cache
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
14 KB 37ms
11ms Stylesheet
text/css 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 12:26:50 GMT
content-encoding: gzip
server: Google Frontend
age: 1231883
etag: "uPB0kA"
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: a1dfd9693e94026cdc29d6acf1863687
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 14628
via: 1.1 google
expires: Wed, 11 Jan 2023 12:26:50 GMT

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 84ms
37ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Chivo:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a397ef56c1dd7620e3d8f8fcf75cc1d505a7ea15a7bb971bfd91afe1d14bcacf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 25 Jan 2022 18:38:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 25 Jan 2022 18:38:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 25 Jan 2022 18:38:13 GMT

GET
H2 200 everflow.js Show response
www.behind-the-markets.com/scripts/sdk/ 58 KB
18 KB 67ms
41ms Script
text/javascript 34.120.142.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behind-the-markets.com/scripts/sdk/everflow.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.142.1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 1.142.120.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:13 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: 865cb945-941e-44e5-98eb-5017703cba61
alt-svc: clear

GET
H2 200 wUMWliMVCgRTefXUzn_p1Q4UfduppnPoAM2q-964jL-UVaI51EblsHNpE7u0Szbbqfk92Pa4Of4vZNrLm9WrGba_W27nSNq4hrw=s0
lh3.googleusercontent.com/ 19 KB
19 KB 91ms
40ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wUMWliMVCgRTefXUzn_p1Q4UfduppnPoAM2q-964jL-UVaI51EblsHNpE7u0Szbbqfk92Pa4Of4vZNrLm9WrGba_W27nSNq4hrw=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9ef5565ea0b640fde1f3b5adfa98e3a6ce1a00312c3c96a98351998f125aeef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19032
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 14:11:38 GMT

GET
H2 200 w1EaC32bUp3L2BWN7pS5I3QUQq9QGtCb-90zW3QORai2p68tvOv0qrdbxPTxzMDSsV354CDgC0nqJyBq0KIfUhhPcbmC8atZTNQ=s0
lh3.googleusercontent.com/ 223 B
339 B 88ms
40ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/w1EaC32bUp3L2BWN7pS5I3QUQq9QGtCb-90zW3QORai2p68tvOv0qrdbxPTxzMDSsV354CDgC0nqJyBq0KIfUhhPcbmC8atZTNQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

618ec2450f893f05615968d8f87901352d3ef557ea705f7c71da7dbcc08d49e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 09:36:25 GMT

GET
H2 200 xMUsxCBRi0UDK8NZ4xpaSb_YfJ8B1X60qdt11T8iP2QGuYQlfzVu_xxu9dKKSh2NE9ThwvbC2P27XKnlKGygxq6rysUtnwxxqmA=s0
lh3.googleusercontent.com/ 16 KB
16 KB 96ms
49ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/xMUsxCBRi0UDK8NZ4xpaSb_YfJ8B1X60qdt11T8iP2QGuYQlfzVu_xxu9dKKSh2NE9ThwvbC2P27XKnlKGygxq6rysUtnwxxqmA=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

967ae8cc54cbc55ff678063401c139bfaa3a61b699500e90b3f292f4185741cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16232
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 09:36:25 GMT

GET
H2 200 OCwXs3SiAMvrCHmsCcK-ntnVV4a1FLmhxfU60gfUZFHZddEfbGxHjrbnr0onj69ND9vXKT3XaNtFwlt7d8MjMDhR4YICe3m7Xhw=s0
lh3.googleusercontent.com/ 19 KB
19 KB 71ms
24ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OCwXs3SiAMvrCHmsCcK-ntnVV4a1FLmhxfU60gfUZFHZddEfbGxHjrbnr0onj69ND9vXKT3XaNtFwlt7d8MjMDhR4YICe3m7Xhw=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f9f6655137b977c887cf35163775dc648e70e49f768d310b42458eb307c1f01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19422
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 14:11:38 GMT

GET
H2 200 C60PlcrAlb4HqfS386M8H7L_FjWq8OBzmGhWFoDTbd3ip5tezHtGL-e6bX8CpwgGNzPlIGKdzBtGdGGPlRgA0xC_V_fql8XjEa6w=s0
lh3.googleusercontent.com/ 21 KB
21 KB 103ms
56ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/C60PlcrAlb4HqfS386M8H7L_FjWq8OBzmGhWFoDTbd3ip5tezHtGL-e6bX8CpwgGNzPlIGKdzBtGdGGPlRgA0xC_V_fql8XjEa6w=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bfe472278804df6f9400fde7a6cd952ef2cd6cca577d68ef048b69cbd1d6e7f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21425
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 10:45:42 GMT

GET
H2 200 JMDLLbZcel2OUdy1zLzDJcT8IY2t476bXNEkyheGnCPZS4i2eo6WGUV6fRz2a-VkAWT4sc9AAJadEcVTg-drcIxHQP9-9okrkg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 110ms
63ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JMDLLbZcel2OUdy1zLzDJcT8IY2t476bXNEkyheGnCPZS4i2eo6WGUV6fRz2a-VkAWT4sc9AAJadEcVTg-drcIxHQP9-9okrkg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

77065a838202b3fce069b2754f8fd3ad2f4aa5167c6eda22c217e4a7ae6a5a24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3610
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 10:45:54 GMT

GET
H2 200 xB7kv5XG048gVKySu4j9s2245clR8KfU9TotAbqJtT0misIfgMAqIa9nuP761Ql5zQEDBDPIO8CIfXnFk_mr1em09niEc6Wbog=w16
lh3.googleusercontent.com/ 4 KB
4 KB 58ms
53ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/xB7kv5XG048gVKySu4j9s2245clR8KfU9TotAbqJtT0misIfgMAqIa9nuP761Ql5zQEDBDPIO8CIfXnFk_mr1em09niEc6Wbog=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

81ea630fa495cf76c30fc131d9ef3d4df248b7008db6fc26603b9bdc91465e21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3609
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 10:46:25 GMT

GET
H2 200 SSRUOmkFLM0PIOLHFS8zgtuPcxhw5tA8IfNF6AQ4Iyc1BAGRg_pGAsfoQoiut9DUg2DajF0vV6zxFTKMZbX6zRQOi3qoBbSplhY=w16
lh3.googleusercontent.com/ 4 KB
4 KB 84ms
79ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/SSRUOmkFLM0PIOLHFS8zgtuPcxhw5tA8IfNF6AQ4Iyc1BAGRg_pGAsfoQoiut9DUg2DajF0vV6zxFTKMZbX6zRQOi3qoBbSplhY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6bfad1eb36a06b6ef0d5126a3e520cca102bb2e25d5d195831d0ebd261038147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3593
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 10:46:29 GMT

GET
H2 200 PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0
lh3.googleusercontent.com/ 26 KB
26 KB 77ms
73ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 14:53:16 GMT
x-content-type-options: nosniff
age: 13497
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26391
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 Nov 2021 09:48:00 GMT

GET
H2 200 JIgdGM0G_eyJ83x9YiTRld9DUg8ZrrRlGU3eHaXdw8QJM6g9kVWwWuGYidFtet4y9OdbNF8R-7_n-5SttG4B1_y_ktCVirxN8cCA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 83ms
79ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JIgdGM0G_eyJ83x9YiTRld9DUg8ZrrRlGU3eHaXdw8QJM6g9kVWwWuGYidFtet4y9OdbNF8R-7_n-5SttG4B1_y_ktCVirxN8cCA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b722bf7bdb6fe843fdac8fbcf28f8b3a0595d1de14bfeb1a5c391fee7c4a0d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 09:36:25 GMT

GET
H2 200 1kNm6Luy0y2mhKvQ5CWIWRARFhV9kjMcKgLh-lKyx5z4G9rOHZW001D07MubOj5Y7t2SQZoJB4JLuApJnau2e7L09jqrEIBF6w=w16
lh3.googleusercontent.com/ 4 KB
4 KB 82ms
78ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/1kNm6Luy0y2mhKvQ5CWIWRARFhV9kjMcKgLh-lKyx5z4G9rOHZW001D07MubOj5Y7t2SQZoJB4JLuApJnau2e7L09jqrEIBF6w=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b5316a5a55afb2bbc041d7d7a2d8d3e3b30ba5d0fe00a080858d1c4e63aa4567

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3600
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:16:53 GMT

GET
H2 200 0cvLJNCfIaMYrhY3GPzf5258QA8askvkVe92PCnv2eL4_V0p9SMN3hIwT5KTfHKoWx69dQJ1Ak49XTFGF77z12-AZJKqCwht8g=w16
lh3.googleusercontent.com/ 4 KB
4 KB 81ms
77ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0cvLJNCfIaMYrhY3GPzf5258QA8askvkVe92PCnv2eL4_V0p9SMN3hIwT5KTfHKoWx69dQJ1Ak49XTFGF77z12-AZJKqCwht8g=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d8a3ac134a4a89f9030deb8252e793ea336daedc50b8071d0170970fb0317e11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3601
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 13:00:36 GMT

GET
H2 200 K1suYjP-KjMO9LexJNvsNmRmWJKvtPY7BBTICC81uTS7QDjEayMekQ7v6gCFYvexBrfWxKLFPTXA8A36xvQ0lVec9lNDlbATVEY=w16
lh3.googleusercontent.com/ 4 KB
4 KB 80ms
75ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/K1suYjP-KjMO9LexJNvsNmRmWJKvtPY7BBTICC81uTS7QDjEayMekQ7v6gCFYvexBrfWxKLFPTXA8A36xvQ0lVec9lNDlbATVEY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a4351df37ff05ea4562e26bf9f4d12f40a2d6c4d2e41bcdb4846aa484fb36406

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3601
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 0lRT8CfHt5ohGPzsxwkqpMgh3eKNcKFBGngeBw_4BgjX5SyHc4ep7Gy5iAuh3mtTz29JPuCzivHcLjBKsI-8=w16
lh3.googleusercontent.com/ 560 B
623 B 81ms
76ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0lRT8CfHt5ohGPzsxwkqpMgh3eKNcKFBGngeBw_4BgjX5SyHc4ep7Gy5iAuh3mtTz29JPuCzivHcLjBKsI-8=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f777a0ffa0d093767ad1063cd609bb8808a0bd5e7912b36b1d84c591a42f4041

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 560
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:16:53 GMT

GET
H2 200 _vAQuZzu40Vqb4n4J7-h_BIX3b87Q214drjNlenmPtTHRgj_tV0J3iiodhTszP0pmBj4Ci-wyA_aj-tduoZ-dg=w16
lh3.googleusercontent.com/ 470 B
533 B 76ms
72ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_vAQuZzu40Vqb4n4J7-h_BIX3b87Q214drjNlenmPtTHRgj_tV0J3iiodhTszP0pmBj4Ci-wyA_aj-tduoZ-dg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7721ea6e678ff85357eb6c7de4f39681d7b4b53b765ee49d9e45b97bdab68a58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 13:00:37 GMT

GET
H2 200 LvWQ6tVg4FCzE2NA3jscZOuirNICnZ-vkVmhCoZym72RqkRMaC6pWeSGY-zA4p2HFJuVUeLTY_5N4ug6BQL8uLD8iIyUbsWqkig=w16
lh3.googleusercontent.com/ 4 KB
4 KB 75ms
71ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/LvWQ6tVg4FCzE2NA3jscZOuirNICnZ-vkVmhCoZym72RqkRMaC6pWeSGY-zA4p2HFJuVUeLTY_5N4ug6BQL8uLD8iIyUbsWqkig=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4fdd499c94f008a9d103efa65446c625ab89df3d22126b644f9a215cdf775ce2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3598
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 11:45:23 GMT

GET
H2 200 WaRcS5eJYDEymgBtA6JtzNv7SgzTeupW31pu_9ozOFFkyCYsACViRxUjKzaJAwUVkChs7XzhpNioKZudALu7TlraW1rBmtVGa4g=w16
lh3.googleusercontent.com/ 419 B
482 B 85ms
81ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/WaRcS5eJYDEymgBtA6JtzNv7SgzTeupW31pu_9ozOFFkyCYsACViRxUjKzaJAwUVkChs7XzhpNioKZudALu7TlraW1rBmtVGa4g=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b8240a9c60fe62c300ab7c55adc859be444bfe72c7644eecbfeba6e206138159

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 419
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 13:00:37 GMT

GET
H2 200 lyd6e9lNrIgfwFHJ57Mug4LwNPyYZ2h0lTDJRRskwMRBd7Gyf2wjPqm84Jt1gIojawxm_aucjcLbgszR1qhiLiI6-5xBrrv5Xg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 74ms
70ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/lyd6e9lNrIgfwFHJ57Mug4LwNPyYZ2h0lTDJRRskwMRBd7Gyf2wjPqm84Jt1gIojawxm_aucjcLbgszR1qhiLiI6-5xBrrv5Xg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5c4b1d6ef648a543e1d48d992b8e02407cd52349483adbee973a0c473e55bd5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 11:35:21 GMT

GET
H2 200 -IXDo-4QzguIBDpajhD4HQrhTMykfitZzKL2yzvGsCW7PpLJr5yqoG1tYGwFZ4H9wAB5_LZBx0SFxzjDa5MXu6RSZb3KpvqZ2w=w16
lh3.googleusercontent.com/ 4 KB
4 KB 72ms
68ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/-IXDo-4QzguIBDpajhD4HQrhTMykfitZzKL2yzvGsCW7PpLJr5yqoG1tYGwFZ4H9wAB5_LZBx0SFxzjDa5MXu6RSZb3KpvqZ2w=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

650460eae5dfc2e3c5b3b4976823af76f5a58dc8374782943fd8df2d049546a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3602
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 11:59:13 GMT

GET
H2 200 TYclxdzFvhiGUsoGyDn2EFhsVyBA8sGh7gM-AcLsCW6QrJ5Xnn_Ip4drwo0Qfo1Ev3glrQr4ZaWPDOuVyafisDdoJ5nsu7obew=w16
lh3.googleusercontent.com/ 4 KB
4 KB 73ms
69ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TYclxdzFvhiGUsoGyDn2EFhsVyBA8sGh7gM-AcLsCW6QrJ5Xnn_Ip4drwo0Qfo1Ev3glrQr4ZaWPDOuVyafisDdoJ5nsu7obew=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

66a452f4232d8fe0d1822ee50f210a3803581c55eb74fffcd071d6f6f8e9c3f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 13:00:37 GMT

GET
H2 200 IQ0QjgaMmnqNjdqqcrUDt-QHcHvgyUhvzuCiyewqe3-LJUUZYL6f8zJ3ArJ3l8oUCHkfm1vb6qgEwWglHzAIKh6Y6vmVs5e12A=w16
lh3.googleusercontent.com/ 4 KB
4 KB 73ms
69ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/IQ0QjgaMmnqNjdqqcrUDt-QHcHvgyUhvzuCiyewqe3-LJUUZYL6f8zJ3ArJ3l8oUCHkfm1vb6qgEwWglHzAIKh6Y6vmVs5e12A=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

933d9f8c046978fe44a9f9c7bcd851aad9dfad9b561a40247cfc0eecbfa5367b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3601
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 09:36:25 GMT

GET
H2 200 HSQRylVMTBq7ZW1aJ1Nj8P695EQmqnWNKj4_vy_fDgkwcrGkhUs8lu9AE0leYomnchLBBlVZW6Bbi7pnO3tTBCBwygCyRfjINrty=w16
lh3.googleusercontent.com/ 4 KB
4 KB 72ms
67ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HSQRylVMTBq7ZW1aJ1Nj8P695EQmqnWNKj4_vy_fDgkwcrGkhUs8lu9AE0leYomnchLBBlVZW6Bbi7pnO3tTBCBwygCyRfjINrty=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

760b44195afc093e424f6f8ccb1377bc1dd96907b8f750fc1cdede106bf8e0c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3598
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 19:43:28 GMT

GET
H2 200 5YpeAPyGbiuGA3GEVTiBk0xFhqKl1IFHcsJGglq9pdqsaK9KPK6JThChCEWiBZPlGKh0SI5Z99V5GMw6EOncf6neIWLskPMndQ=w16
lh3.googleusercontent.com/ 4 KB
4 KB 71ms
66ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/5YpeAPyGbiuGA3GEVTiBk0xFhqKl1IFHcsJGglq9pdqsaK9KPK6JThChCEWiBZPlGKh0SI5Z99V5GMw6EOncf6neIWLskPMndQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bfd60336f804d5fd594a8c6a466b9042b5adbd3f6e86a971b9ea7d83d1c66f93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3604
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 13:00:37 GMT

GET
H2 200 9ZQ7fQThjo61kO9nT_0G_FmyMEN8cadbTTUp7I8J4kgc07zGn7tfOL82Vm67HeIW52WCwO2FElMkYcxljSgSr0RLUPQWvvJsHw=w16
lh3.googleusercontent.com/ 336 B
399 B 70ms
66ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/9ZQ7fQThjo61kO9nT_0G_FmyMEN8cadbTTUp7I8J4kgc07zGn7tfOL82Vm67HeIW52WCwO2FElMkYcxljSgSr0RLUPQWvvJsHw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dd1b25602b6b401fc41b9a36b8ccb2491a7acb93631dee871b91e125dfca0fa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 336
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 14:11:38 GMT

GET
H2 200 kU4jJnmdBujF6GUc2jIuGwZIH-4kNCYDgRKG1SRmlYwVQIyHL5WeP14zVikx7xyKJO3L8mju9ndrao8eSeVblDdt2KCR6v9Png=s0
lh3.googleusercontent.com/ 49 KB
49 KB 58ms
54ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/kU4jJnmdBujF6GUc2jIuGwZIH-4kNCYDgRKG1SRmlYwVQIyHL5WeP14zVikx7xyKJO3L8mju9ndrao8eSeVblDdt2KCR6v9Png=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ce75ddf17236636a1019f06011aa7dd506b1a770764d10fc06bd38fa236ba60d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50463
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 14:11:38 GMT

GET
H2 200 EUA2sQwD0_QGKQHf3uCV9EstCmQ6yMXXn7ASRGWWZQMy4gngXs1AhJjTUE_MYCui6mhjbMas_u6qbVXGkWMsV4530i8cbnmr=w16
lh3.googleusercontent.com/ 347 B
433 B 71ms
67ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/EUA2sQwD0_QGKQHf3uCV9EstCmQ6yMXXn7ASRGWWZQMy4gngXs1AhJjTUE_MYCui6mhjbMas_u6qbVXGkWMsV4530i8cbnmr=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

61cf7d4999e60d7c01ddc5beb078eb5792ea87dcc6f5deccf5da309e6e5a843b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 347
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 13 Dec 2021 18:18:45 GMT

GET
H2 200 AdliqC9rWtOERU4XbB2tz0qVLKfce-EfnyRfYlXZ1piuRNMyBcdYnM8akoVY-6ABhiX1aqgsjnsyeWF0XBKLPfoTjBj4PDsMWK3F=w16
lh3.googleusercontent.com/ 337 B
423 B 68ms
64ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AdliqC9rWtOERU4XbB2tz0qVLKfce-EfnyRfYlXZ1piuRNMyBcdYnM8akoVY-6ABhiX1aqgsjnsyeWF0XBKLPfoTjBj4PDsMWK3F=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d5533ad7fafa2562515fcc560a0af84e0de340648aa7fa5be07d10da20ba2987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 337
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 19:43:28 GMT

GET
H2 200 pjZEIXEHQcvvgi0NcTU3iEKUU2GQM-t5QyC30VWdyOmH5wJ2EC64FASgmgHzsmIRWCD4CHg9QluMZzq9oxOzUUxxXpS439lZHA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 69ms
64ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/pjZEIXEHQcvvgi0NcTU3iEKUU2GQM-t5QyC30VWdyOmH5wJ2EC64FASgmgHzsmIRWCD4CHg9QluMZzq9oxOzUUxxXpS439lZHA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6f21f5e76411808caf672eb4316d0f46996d9b966c360203ffdf19150ea42e7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3592
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 tDcRfRmcI_qNXi26CmnoLH5-jfXFRt-8hrxGHfni-s0tmdfr-q_jpIrZLWmpGlelrG2s8Kkgr63XBHw1WO4bQrXRWj0aUPsH5-w=w16
lh3.googleusercontent.com/ 444 B
507 B 67ms
63ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/tDcRfRmcI_qNXi26CmnoLH5-jfXFRt-8hrxGHfni-s0tmdfr-q_jpIrZLWmpGlelrG2s8Kkgr63XBHw1WO4bQrXRWj0aUPsH5-w=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d168c5504b8d99ebaa16262ac7b2c8fb157d1434583496389c9c6be095d51377

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 444
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:16:53 GMT

GET
H2 200 vaAztC4Sn9dGzJn0Qgm7LYKVHSzNiV_2zIaK10NTwCFqqHG4V_8Xv99dupw3iXoOwJ9Cq3atylQqLDmHi9dXApeQdRKHSrQuSQ=w16
lh3.googleusercontent.com/ 507 B
594 B 69ms
65ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vaAztC4Sn9dGzJn0Qgm7LYKVHSzNiV_2zIaK10NTwCFqqHG4V_8Xv99dupw3iXoOwJ9Cq3atylQqLDmHi9dXApeQdRKHSrQuSQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e8eaaa4a3ef267d8ca904c610bb46dd0d1a530fed9cddf8a821f404e616961a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 507
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 19:33:53 GMT

GET
H2 200 uV6zxa2isInYyMRar1qYUlcCmTS7mM8s8nS1VgQcd_0kRrM6E3L-gUpS34Q98VPmZNRZwswEP-fT3v6IIyvA3JuJ7uvNcFgK6dQ=s0
lh3.googleusercontent.com/ 44 KB
44 KB 107ms
103ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/uV6zxa2isInYyMRar1qYUlcCmTS7mM8s8nS1VgQcd_0kRrM6E3L-gUpS34Q98VPmZNRZwswEP-fT3v6IIyvA3JuJ7uvNcFgK6dQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

29bbcd6ee5e6ee395907fd162b57acafd89f4ab97f812c418fec63f8a656e709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45323
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:16:53 GMT

GET
H2 200 2S8M4GqxODZJVOmApCZbrzk-Ko9XvOpG-C1mrmsdxmHnEi27NJNPBnX3pXNAGTBQBFOeqGEHB-scFt_wAi6A2hmU5CCqpK_BKcA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 67ms
63ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/2S8M4GqxODZJVOmApCZbrzk-Ko9XvOpG-C1mrmsdxmHnEi27NJNPBnX3pXNAGTBQBFOeqGEHB-scFt_wAi6A2hmU5CCqpK_BKcA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

082b7628c8157463d2a84455fb24a602577abf31f71cb47b3d05f1057c8fd650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3604
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 vgx85SBN66oq_JjUzbsk-WW_N4I_5L4xAm8KsBY8qYzOfoZ8zWAf15pJ9hMZ73ibqSml1Y3zz-cHGckaTQUkF9aF4JdB-SGZutw=w16
lh3.googleusercontent.com/ 4 KB
4 KB 105ms
101ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vgx85SBN66oq_JjUzbsk-WW_N4I_5L4xAm8KsBY8qYzOfoZ8zWAf15pJ9hMZ73ibqSml1Y3zz-cHGckaTQUkF9aF4JdB-SGZutw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f2780d6e1e71e774e7143356c71deadedc449293d09e9d7a0a28b63d5b0ed182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 11:45:23 GMT

GET
H2 200 kBHepUG5y2VQWW6o3kLquqpXFZvFNCfOCPMKEGi-tsmrTj4vXDdcgX19mRuqHx9HgjA_farlnp7Irp7N4y37mp8broLAzO1AW87A=s0
lh3.googleusercontent.com/ 47 KB
47 KB 99ms
95ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/kBHepUG5y2VQWW6o3kLquqpXFZvFNCfOCPMKEGi-tsmrTj4vXDdcgX19mRuqHx9HgjA_farlnp7Irp7N4y37mp8broLAzO1AW87A=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2ec990e8f65e18143617379f5b717be2e1db655988ec8290eb5d6fe6947b9db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48140
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 Nov 2021 11:25:02 GMT

GET
H2 200 0gorglIPxJZyiwWWnMXrO9__V6kf7Xv0L_t8C7qB919PygZWe29y7Cwlki09Jyv2SQkcjT8VYwvwySxGu63OxWbxtZBrTuAhNHI=w16
lh3.googleusercontent.com/ 1 KB
1 KB 106ms
102ms Image
image/gif 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/0gorglIPxJZyiwWWnMXrO9__V6kf7Xv0L_t8C7qB919PygZWe29y7Cwlki09Jyv2SQkcjT8VYwvwySxGu63OxWbxtZBrTuAhNHI=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c5ebd9dfab1f43abeaa97924628f78f4a2391ecb93eed283b59777ea651acd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1174
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 xMOLOr1-fxm_hEab7OJvHYbBL0PSVlPJ2cm0AeWn41llB3niT2Yw1Zvwh-lc15euj8bnvwVtV25bkeT7bQiqYukM574UU3KJVUk=w16
lh3.googleusercontent.com/ 1 KB
1 KB 105ms
101ms Image
image/gif 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/xMOLOr1-fxm_hEab7OJvHYbBL0PSVlPJ2cm0AeWn41llB3niT2Yw1Zvwh-lc15euj8bnvwVtV25bkeT7bQiqYukM574UU3KJVUk=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5c991d2b4dfe4703e1e5fef318d85561b1e9a794a91c31c63ea3808066a1d36b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1272
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 Ivy_dYsv1_qk4i9UHoWx2LyJycdw4pDs-XVWtqS1SSBAh_QQl4te3I8w588GMyOQubyJyr9lloK2_86aF9TiSe2ARXymVeM4p48=w16
lh3.googleusercontent.com/ 1 KB
1 KB 104ms
100ms Image
image/gif 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Ivy_dYsv1_qk4i9UHoWx2LyJycdw4pDs-XVWtqS1SSBAh_QQl4te3I8w588GMyOQubyJyr9lloK2_86aF9TiSe2ARXymVeM4p48=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

60f3ab684a6ee78ffb58efefb1c8ec6a2271d0cb94209e209769a36cfba86960

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1253
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 19:33:53 GMT

GET
H2 200 eM4PJkUJcvYsyGQrarNpar4vH4668v8GuJzcw40AshFHU5HMPtY15wl2qxAcYWN_mBU7LVozPQmDt4nTKVyvyLXa7aaiqtOJOQ=w16
lh3.googleusercontent.com/ 483 B
556 B 104ms
100ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/eM4PJkUJcvYsyGQrarNpar4vH4668v8GuJzcw40AshFHU5HMPtY15wl2qxAcYWN_mBU7LVozPQmDt4nTKVyvyLXa7aaiqtOJOQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7ce05deaeac969882c57d07484fcb5705cffa93d225b39d7a5869a483bd1f80d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 483
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 14 Nov 2021 14:11:38 GMT

GET
H2 200 vN2bwkzsC2V5M_7wwvJsGYvx43PvmF04v6jJ_lIOZoUkoPtNNVtuCDO3E046PzXCgULgiGeBHiMhIb4U5QCnzTddtI0mwqFypo8=s0
lh3.googleusercontent.com/ 28 KB
28 KB 95ms
91ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vN2bwkzsC2V5M_7wwvJsGYvx43PvmF04v6jJ_lIOZoUkoPtNNVtuCDO3E046PzXCgULgiGeBHiMhIb4U5QCnzTddtI0mwqFypo8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2a7c78568651f3b8602053f626371ba401dc7b3a0a6ff24c3ec68a385e8707c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28746
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 Nov 2021 11:25:02 GMT

GET
H2 200 GL47VbO7flf7bnqedfLUYL97Jh_4MJ_HzNPK9JM7_oKlO5enX1P1tL7Kegpjzvn7SsY0jm_rs529hsbdCoTmuqyUJ9GYuoONofR_=w16
lh3.googleusercontent.com/ 405 B
471 B 101ms
97ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/GL47VbO7flf7bnqedfLUYL97Jh_4MJ_HzNPK9JM7_oKlO5enX1P1tL7Kegpjzvn7SsY0jm_rs529hsbdCoTmuqyUJ9GYuoONofR_=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

564c77c5c2e294c899287540e83ddd9da792d365187994b31a43a1aad071136c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 405
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 HanpwObZn-_Ancaa2XwrpZTrkpjm1NTGz9A38XkzpTOafFW2tsQTYf_BDnQz6oPKZZBPQqPFLzKOG-7uEi7KMVu_W-amDks4WcA=w16
lh3.googleusercontent.com/ 403 B
472 B 102ms
98ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HanpwObZn-_Ancaa2XwrpZTrkpjm1NTGz9A38XkzpTOafFW2tsQTYf_BDnQz6oPKZZBPQqPFLzKOG-7uEi7KMVu_W-amDks4WcA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bd389d5663fde302e3c6f163e218af5f3b4a33d802c9c9120166fcebe8682e16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 403
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 Nov 2021 11:25:02 GMT

GET
H2 200 7-LK_EfFepQ89wF0Y5xJHitY6lXkmRolBMoKckwHY3vMj-sACJKC-xrk09gPpREKQ9EanmBQVLAUvTHdATGQFZUwv0AB3jkuuGg=w16
lh3.googleusercontent.com/ 406 B
496 B 102ms
98ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/7-LK_EfFepQ89wF0Y5xJHitY6lXkmRolBMoKckwHY3vMj-sACJKC-xrk09gPpREKQ9EanmBQVLAUvTHdATGQFZUwv0AB3jkuuGg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0cca76c2e7f85fac0ed45048830cfa9518984ddd762598a9d32f9145e4f18721

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 406
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 13 Nov 2021 12:03:49 GMT

GET
H2 200 OdpvrqtK5znt1S9Ip6hdQJa53pU1gCFXJOmk8UavEnZGJ0RlxNZga9dUy9VFKUvzmmsw76Lye5JutcsP7I5qePC1sN8o2vQBCr4=w16
lh3.googleusercontent.com/ 977 B
1 KB 103ms
99ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OdpvrqtK5znt1S9Ip6hdQJa53pU1gCFXJOmk8UavEnZGJ0RlxNZga9dUy9VFKUvzmmsw76Lye5JutcsP7I5qePC1sN8o2vQBCr4=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

df41961c6fad4eee54e5e89630ab61d22305ff0b0f4494341b0b3614161922d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 17:33:11 GMT
x-content-type-options: nosniff
age: 3902
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 977
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 Nov 2021 11:25:02 GMT

GET
H2 200 wZsVet1nCtl-fkB_i2gxzYKN8SXKVvhklqqpjWVz1MkS-tSwkOjDKwlBz0WrQUb6ITImhJmoNxsAptxPVJbzDVaj2wC9wOVG3Bg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 103ms
99ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/wZsVet1nCtl-fkB_i2gxzYKN8SXKVvhklqqpjWVz1MkS-tSwkOjDKwlBz0WrQUb6ITImhJmoNxsAptxPVJbzDVaj2wC9wOVG3Bg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d787dec9a97cb026faf3a8a402fc923a7bcdcfeeb4cb61e04f232c1e1113cbf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3601
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 8FlzxsmMLXk6wPLgIveZA6BjrM1nR9znnniwrAJNliR25Abb0ndnEwjZJo3XS4ZV5nw90s7HXvMSUT4-XUeOlSmuCXM1O5kw8u35=w16
lh3.googleusercontent.com/ 4 KB
4 KB 100ms
96ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/8FlzxsmMLXk6wPLgIveZA6BjrM1nR9znnniwrAJNliR25Abb0ndnEwjZJo3XS4ZV5nw90s7HXvMSUT4-XUeOlSmuCXM1O5kw8u35=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4a906a213033d9bc5fc15e38a7296b6de13b4c25c1733c894417c1fc6720540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3602
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:56:37 GMT

GET
H2 200 MCI4oCF_gm9GoISLJeKFlsN-7l5D6DaxQJ3W-CXNyLJBKXZXhcQuEpMOt7VrHz317XWKG-zyYBfBiYJECRxzN0U7hiAMP91Q3A=w16
lh3.googleusercontent.com/ 4 KB
4 KB 94ms
90ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MCI4oCF_gm9GoISLJeKFlsN-7l5D6DaxQJ3W-CXNyLJBKXZXhcQuEpMOt7VrHz317XWKG-zyYBfBiYJECRxzN0U7hiAMP91Q3A=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e19210ee49a51d99b2261e908d711c603d64a4304092d9d85a4d981daeb5ff11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:30 GMT
x-content-type-options: nosniff
age: 11143
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3604
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 16 Dec 2021 11:25:33 GMT

GET
H2 200 69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16
lh3.googleusercontent.com/ 402 B
464 B 85ms
81ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 14:53:16 GMT
x-content-type-options: nosniff
age: 13497
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 19:33:53 GMT

GET
H2 200 e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16
lh3.googleusercontent.com/ 402 B
463 B 100ms
97ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 14:53:16 GMT
x-content-type-options: nosniff
age: 13497
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 08:43:25 GMT

GET
H2 200 ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0
lh3.googleusercontent.com/ 39 KB
39 KB 85ms
82ms Image
image/png 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 14:53:16 GMT
x-content-type-options: nosniff
age: 13497
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39437
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 08:43:25 GMT

GET
H2 200 embed.js Show response
embed.lpcontent.net/leadboxes/current/ 42 KB
15 KB 45ms
11ms Script
application/javascript 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:33:23 GMT
content-encoding: gzip
server: Google Frontend
age: 290
etag: "uPB0kA"
content-type: application/javascript
access-control-allow-origin: *
x-cloud-trace-context: ab6b8a7b414626b11460f6b6032cad06
cache-control: public, max-age=300
alt-svc: clear
content-length: 14811
via: 1.1 google
expires: Tue, 25 Jan 2022 18:38:23 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 156ms
47ms Script
application/javascript 2607:f8b0:4006:80f::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80f::2013 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:34:43 GMT
content-encoding: gzip
server: Google Frontend
age: 210
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: 3c5f92e527500436c764f66ca3a24582
cache-control: public, max-age=300
content-length: 5417
expires: Tue, 25 Jan 2022 18:39:43 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 154 KB
51 KB 113ms
60ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9976b98b6e690881fafaefa90108fb01040ad2a788f2d4efa2eba9de0abf8235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51991
x-xss-protection: 0
last-modified: Tue, 25 Jan 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 25 Jan 2022 18:38:13 GMT

GET
H2 200 LI1owdFSH7LDCACedZLLn47T9ritFK1sNono6M0bhkcYSzRTljCCV4-e18wVW7qOe8qxSaglS8FqzXP7qxh8uD7PzR64Kv1R-Q=w16
lh3.googleusercontent.com/ 328 B
721 B 50ms
23ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/LI1owdFSH7LDCACedZLLn47T9ritFK1sNono6M0bhkcYSzRTljCCV4-e18wVW7qOe8qxSaglS8FqzXP7qxh8uD7PzR64Kv1R-Q=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2849256621d8f50374aa4ac8be4ce6a74591d50d03e86d655adec906520d264f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 15:32:29 GMT
x-content-type-options: nosniff
age: 11144
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 328
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 10 Dec 2021 09:16:53 GMT

GET
H2 200 fa-solid-900.woff2
static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/ 78 KB
79 KB 36ms
12ms Font
font/woff2 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by: Host: static.leadpages.net
URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

Request headers

Referer: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Origin: https://go.behindthemarkets.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 12:00:48 GMT
via: 1.1 google
server: Google Frontend
age: 1233445
etag: "uPB0kA"
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: fd86a8f5bc4312572e6076889fc36666
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 80148
expires: Wed, 11 Jan 2023 12:00:48 GMT

GET
H2 200 va9I4kzIxd1KFrBoQeM.woff2
fonts.gstatic.com/s/chivo/v12/ 18 KB
18 KB 92ms
42ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/chivo/v12/va9I4kzIxd1KFrBoQeM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Chivo:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf826b0f5476cd7773fe343ae2f2fb20127045727d31fa5d56c83253cd2901f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 19:33:02 GMT
x-content-type-options: nosniff
age: 515111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18508
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:40:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 19 Jan 2023 19:33:02 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 69ms
21ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Chivo:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 22 Jan 2022 07:38:42 GMT
x-content-type-options: nosniff
age: 298771
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 22 Jan 2023 07:38:42 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 64ms
26ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Chivo:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:30:30 GMT
x-content-type-options: nosniff
age: 468463
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 20 Jan 2023 08:30:30 GMT

GET
H2 200 va9F4kzIxd1KFrjTZPZ4sK0.woff2
fonts.gstatic.com/s/chivo/v12/ 16 KB
16 KB 65ms
48ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/chivo/v12/va9F4kzIxd1KFrjTZPZ4sK0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Chivo:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ed3f2bbbdba8d4b9463e5670ecc44d38f7b5401de7da6204fe6b1e6bedc07a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 08:21:20 GMT
x-content-type-options: nosniff
age: 469013
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16404
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 04:58:50 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 20 Jan 2023 08:21:20 GMT

GET
H2 200 LI1owdFSH7LDCACedZLLn47T9ritFK1sNono6M0bhkcYSzRTljCCV4-e18wVW7qOe8qxSaglS8FqzXP7qxh8uD7PzR64Kv1R-Q=w960
lh3.googleusercontent.com/ 15 KB
15 KB 20ms
20ms Image
image/jpeg 2607:f8b0:4006:820::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/LI1owdFSH7LDCACedZLLn47T9ritFK1sNono6M0bhkcYSzRTljCCV4-e18wVW7qOe8qxSaglS8FqzXP7qxh8uD7PzR64Kv1R-Q=w960

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1070fd17eb49d0f1161ebc5d86601a0ecc3184f482633f4ad3b11214277b488b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 17:03:04 GMT
x-content-type-options: nosniff
age: 5709
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 20:42:29 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 4CA1 4 KB
2 KB 29ms
29ms Document
text/html 2607:f8b0:4006:80f::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80f::2013 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/

Response headers

x-cloud-trace-context: de6ba632f6985780fe8f79de9b1cd8f4
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Tue, 25 Jan 2022 18:37:18 GMT
expires: Tue, 25 Jan 2022 18:42:18 GMT
cache-control: public, max-age=300
age: 55
etag: "OMWYXg"
content-type: text/html

GET
H2 200 everflow.js Show response
www.behindthemarkets-btm.com/scripts/sdk/ 58 KB
19 KB 78ms
31ms Script
text/javascript 2606:4700:3037::6815:55f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:55f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:13 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12889
cf-ray: 6d339e0918257136-YUL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 25 Jan 2022 15:03:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4uuyS9F%2BhORy%2FGWJP1HgFdd1t0Mq8wWvc4WZJ0fUp1h2O4bxaCGX%2FS6kAkrFXA67XZCzf%2FP8OiYl7JPSnrtWHHw5FStwSwutlPnl8RO9B3Hw%2FnL%2B3zX%2Bk7x9RJqW5UcfDVvLK5%2B%2B0f7RAM45BMaXkK%2FuMG30YhI%2B3K9"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
x-eflow-request-id: a360c042-31b6-4fae-9dea-805775ee1266

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 57ms
20ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c55508ea7ce1ad08364772fbfadb835d2b1d1b9238d345c45eee1943ada4ff6f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26237
x-xss-protection: 0
pragma: public
x-fb-debug: dp+v4nyohIr3EYfsdKiZaL3B/DGmXhf4wnfV8a7Rfyjjj0QOauFpH3cErwSVnFiX5YGFx5XtLu8hlIk9obnzzQ==
x-fb-trip-id: 1512268381
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 25 Jan 2022 18:38:13 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ld.js Show response
static.criteo.com/js/ld/ 40 KB
13 KB 392ms
194ms Script
text/javascript 178.250.2.130
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.com/js/ld/ld.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

4758ffc00e2d3413aece1a57fc3e89b9709202312386d57eb74b5c198cf6800e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
content-encoding: gzip
last-modified: Tue, 14 Dec 2021 12:51:58 GMT
server: nginx
etag: W/"61b8936e-9faf"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 26 Jan 2022 18:38:14 GMT

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 162ms
45ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-three-words-bezos-fe-offer/?_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&utm_source=11&utm_campaign=&utm_medium=1006&id=1006&iocid=&aff=11
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: ABPVPXXSXTZ5DC8Q
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-30 15:45:11
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: X9Ms03/cidWk+Mnl37Dr42y2mXWPtPdO4wFMeDwt03jSFu8pmbPBFhJLDT+rO4rEP3jDQX86HN8=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:11 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d3fbec8e0ed81ecbe92303ced77c05fa
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
685 B 137ms
55ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=zbBKU3BE9z9Jgdpe95S3MK&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=2r9VqPxc5HoxNbamfeFGMx&sid=nauUZRgpFaNkhAXo6AYwmD&cid=lp-zbBKU3BE9z9Jgdpe95S3MK&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-three-words-bezos-fe-offer%2F%3F_ef_transaction_id%3Db5a3af6b9b7d4b61884fcff71390145b%26utm_source%3D11%26utm_campaign%3D%26utm_medium%3D1006%26id%3D1006%26iocid%3D%26aff%3D11&rf=&rx=1600&ry=1200&tz=%2B00%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 25 Jan 2022 18:38:14 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 149.56.153.186
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 02c1oorkmppkvgln452g

GET
H3 200 3070500746422546 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 39ms
19ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/3070500746422546?v=2.9.51&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a1594163145a061268b25512d71f14ede1204087adcc2bf6bafc9c93804c3e53

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88918
x-xss-protection: 0
pragma: public
x-fb-debug: dgIAicIhz3Amb8+12n8z/CPDd5f6KAwMY/Pc09CD6EQ4mOcjPjJhZ95KT9rWQMLn8C+EPrWaLtHrojFi2AoR4w==
x-frame-options: DENY
date: Tue, 25 Jan 2022 18:38:13 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 68ms
20ms Script
text/javascript 2607:f8b0:4006:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 983
date: Tue, 25 Jan 2022 18:21:51 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 25 Jan 2022 20:21:51 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
407 B 55ms
18ms Image
image/gif 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=PageView&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-three-words-bezos-fe-offer%2F%3F_ef_transaction_id%3Db5a3af6b9b7d4b61884fcff71390145b%26utm_source%3D11%26utm_campaign%3D%26utm_medium%3D1006%26id%3D1006%26iocid%3D%26aff%3D11&rl=&if=false&ts=1643135894048&sw=1600&sh=1200&v=2.9.51&r=stable&ec=0&o=30&fbp=fb.1.1643135894047.1487019324&it=1643135893953&coo=false&exp=p0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 25 Jan 2022 18:38:14 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
43 KB 54ms
53ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: 6MA4JEH8XM691VMQ
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-09-14 15:55:43
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Gcs8A3aaSBLcUnZ5OSYcGU78rcQ5K83RB0KJySU9nH5K1CEpR7EcjPEFcnAxrawrSFXHKqnmq3U=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:49 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 116e3f289a6e97b7740885ca5fed4655
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
99 KB 54ms
54ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: 6SP1VFJ8QKDF1381
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 19:31:42
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 5f4NZgHALYJkOan8kP0t/iE62FnhQWm5WBo1S1npn+hm6BJkoQoEeEjjNNwVZGw4lOPCCxMymlM=
access-control-allow-origin: *
last-modified: Fri, 28 May 2021 14:31:11 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: eaecc470b49ffa5914979f67ba4d6e63
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 60ms
33ms XHR
text/plain 2607:f8b0:4006:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1913978504&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-three-words-bezos-fe-offer%2F%3F_ef_transaction_id%3Db5a3af6b9b7d4b61884fcff71390145b%26utm_source%3D11%26utm_campaign%3D%26utm_medium%3D1006%26id%3D1006%26iocid%3D%26aff%3D11&ul=en-us&de=UTF-8&dt=BTM%20-%20%22Three%20Words%22%20BEZOS%20FE%20Offer&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1114609191&gjid=1150664425&cid=457695314.1643135894&tid=UA-102395123-1&_gid=755692389.1643135894&_r=1&gtm=2wg1o0WNRH3TX&cd1=11&cd2=b5a3af6b9b7d4b61884fcff71390145b&cd3=false&cd4=false&z=1827338194

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 125ms
51ms XHR
text/plain 2607:f8b0:4023:1404::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102395123-1&cid=457695314.1643135894&jid=1114609191&gjid=1150664425&_gid=755692389.1643135894&_u=YEBAAEAAAAAAAC~&z=497332279

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4023:1404::9b Columbus, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 25 Jan 2022 18:38:14 GMT
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
447 B 118ms
40ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=dHzUCzUqVEJmjHtEvfawbw&kind=timer&label=lb_embed_embed_script_load&value=111.10000038146973
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 25 Jan 2022 18:38:14 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 149.56.153.186
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 600
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 02c1b8uh9ted36cbb55g
access-control-expose-headers: LP-Security-Token

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 85 B
899 B 100ms
75ms Fetch
application/json 2606:4700:3037::6815:55f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=1645b1b280554ccefc7957712a9806f4&_ef_transaction_id=b5a3af6b9b7d4b61884fcff71390145b&oid=&affid=&__cc=&async=json
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:55f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fa48d10be45f23eb5a0e899d5b664b3a6e525de61935d65ad23c31b85377cc6

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-eflow-request-id: bb167378-93d5-424e-aa82-9b7ff2ccdd4b
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2F2O6ofgkLf%2BttjmNykopsPnzsEqmDe%2BJ%2BgqHhSm8MnwkUnkSCwLyBzLelAco4PzE%2FZDNCcaZIIpOKWpObuWK1iRJygwfoUFo6HsTwhS09Jdn2hGq2LggRQqQRwiBg3U0NQDVCWZtIBgWfqysYJEOsh6ZFYJKRtjgXqe"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
content-encoding: br
access-control-allow-credentials: true
cf-ray: 6d339e0b4c064bd1-YUL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 84ms
36ms Image
image/gif 2607:f8b0:4006:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=457695314.1643135894&jid=1114609191&_u=YEBAAEAAAAAAAC~&z=378319263

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
501 B 85ms
37ms Image
image/gif 2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=457695314.1643135894&jid=1114609191&_u=YEBAAEAAAAAAAC~&z=378319263

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame B85F 13 KB
5 KB 290ms
96ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: static.criteo.com
URL: https://static.criteo.com/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

7225c811b9035a4ce65639eb7ab5e7850833a340a866cc8e4bc5c2ce4abe8756

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1397
date: Tue, 25 Jan 2022 18:38:14 GMT
content-length: 5180
strict-transport-security: max-age=31536000; preload;

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 38ms
18ms Image
image/gif 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=Microdata&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-three-words-bezos-fe-offer%2F%3F_ef_transaction_id%3Db5a3af6b9b7d4b61884fcff71390145b%26utm_source%3D11%26utm_campaign%3D%26utm_medium%3D1006%26id%3D1006%26iocid%3D%26aff%3D11&rl=&if=false&ts=1643135894552&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22BTM%20-%20%5C%22Three%20Words%5C%22%20BEZOS%20FE%20Offer%22%2C%22meta%3Akeywords%22%3A%22%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22BTM%20-%20%5C%22Three%20Words%5C%22%20BEZOS%20FE%20Offer%22%2C%22og%3Adescription%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.51&r=stable&ec=1&o=30&fbp=fb.1.1643135894047.1487019324&it=1643135893953&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Tue, 25 Jan 2022 18:38:14 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame B85F
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=PCELUHxZUDJkblNBWFlkNFQ0QytLNHhNWXR6V2hyN283MllsK0JmdmwvRTBkbCtEQmg2OXJsN1pxeGhYTGNhK05HbnFvbUR6VzQrYnk0V1FtYTRRN1ZQbzdhZWdrK2wwcDZhWXRBaWZKNFpKVzd0NmhFOGpJOHNlNkxOVT...

460 B
652 B

94ms
30ms

Fetch
application/json

74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=PCELUHxZUDJkblNBWFlkNFQ0QytLNHhNWXR6V2hyN283MllsK0JmdmwvRTBkbCtEQmg2OXJsN1pxeGhYTGNhK05HbnFvbUR6VzQrYnk0V1FtYTRRN1ZQbzdhZWdrK2wwcDZhWXRBaWZKNFpKVzd0NmhFOGpJOHNlNkxOVTdQOHMxdmlyZG9vNGl1dFl5Z251eWtUM1RvK0M4WHRVYzBldGZLNDZBUFIyL2xZU2dWdzJVaEdjQUJQc243WWxPWTdyU1ZUZ3ppNW1zeERDcndZM0VLcWlkakFYaFNJOUhKdUxVZWM5bVdwaHQrWW9Nc3J4SUFWSFIzNU95eWoxM1BESFFsSkZwdHVnK3V0MmZqWGplTUNPZ1VCRXB3QT09fA&cppv=2

Protocol

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Resource Hash

22ccf666ac5285e899e0329f71a27161e67a8ef68aee3c93906b4fa48801cf9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:13 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4538
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=PCELUHxZUDJkblNBWFlkNFQ0QytLNHhNWXR6V2hyN283MllsK0JmdmwvRTBkbCtEQmg2OXJsN1pxeGhYTGNhK05HbnFvbUR6VzQrYnk0V1FtYTRRN1ZQbzdhZWdrK2wwcDZhWXRBaWZKNFpKVzd0NmhFOGpJOHNlNkxOVTdQOHMxdmlyZG9vNGl1dFl5Z251eWtUM1RvK0M4WHRVYzBldGZLNDZBUFIyL2xZU2dWdzJVaEdjQUJQc243WWxPWTdyU1ZUZ3ppNW1zeERDcndZM0VLcWlkakFYaFNJOUhKdUxVZWM5bVdwaHQrWW9Nc3J4SUFWSFIzNU95eWoxM1BESFFsSkZwdHVnK3V0MmZqWGplTUNPZ1VCRXB3QT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2001
content-length: 541
expires: 0

POST
H2 200 / Show response
sumo.com/api/load/ 873 B
1 KB 330ms
88ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

53eea8706c2f371524ca8e7cd40cca34649d1f4f3ee29f042414a03091de739c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 25 Jan 2022 18:38:14 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 873

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
356 B 41ms
41ms Image
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=0,84,83,168,39,171,402,423,1594,1602
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 25 Jan 2022 18:38:14 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 149.56.153.186
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 02c1op0mps71j24dr96g

GET
H2 200 event Show response
sslwidget.criteo.com/ 7 KB
8 KB 92ms
36ms Script
application/x-javascript 74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://sslwidget.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=U5RYhV9BVHFGJTJCM1ZpbVVXcFE4ZUVhTjRoUWUybFFaNE1uYkwzRU9tWHglMkZJZVdMenNiJTJCR2pnUHJVeExmMlY0YTZ2cDFjJTJCYUQ0ZjglMkZ4Vm1NSHBEQzk0cnk2WUVpY3hvem1vd1dNN0p4aUhWTU9FdGNiNHpvd3R5eGlSWU1xbFlDMHBhVHNnSzg4bjJ1R2d2WVkzYjVEc2JJbzZWRlZwbjNYNklHRmJOJTJGd2IzeGhrbE0lM0Q&tld=behindthemarkets.com&dtycbr=80177

Requested by

Host: static.criteo.com
URL: https://static.criteo.com/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

0938408647ea5d85a705e398c0f807335710ea19b396714da783ab696c131ed4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
content-type: application/x-javascript
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 12869345
timing-allow-origin: *
expires: 0

GET
H2

200

397596.gif
idsync.rlcdn.com/ Frame AF1B
Redirect Chain

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397596.gif?partner_uid=UwwYSKSaCldcc6sNbUZjwSp3nlTKLzxs

42 B
448 B

83ms
43ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397596.gif?partner_uid=UwwYSKSaCldcc6sNbUZjwSp3nlTKLzxs
Protocol: H2
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 25 Jan 2022 18:38:15 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397596.gif?partner_uid=UwwYSKSaCldcc6sNbUZjwSp3nlTKLzxs
date: Tue, 25 Jan 2022 18:38:14 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 4680
content-length: 197
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame AF1B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1GYkZWZnc2enFGR2oteUpFZHNpZWFnTlphQ0hWUmVfc2VKYms0dw
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay1GYkZWZnc2enFGR2oteUpFZHNpZWFnTlphQ0hWUmVfc2VKYms0dw&google_tc=
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

43 B
369 B

24ms
23ms

Image
image/gif

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 220606
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 279
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

/
partner.mediawallahscript.com/ Frame AF1B
Redirect Chain

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w&custom=&tag_format=img&tag_action=sync&custom=&cb=265dd040-3eb9-4187-9f1e-1e012dc...
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=265dd040-3eb9-418...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=vxsrv3i&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vxsrv3i&ttd_tpi=1
https://partner.mediawallahscript.com/?account_id=2027&partner_id=2051&uid=7737a345-8ee4-4077-9461-3b0d03e902ac&tag_format=img&tag_action=sync&cb=

0
590 B

24ms
24ms

Image
text/plain

54.83.13.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.mediawallahscript.com/?account_id=2027&partner_id=2051&uid=7737a345-8ee4-4077-9461-3b0d03e902ac&tag_format=img&tag_action=sync&cb=
Protocol: HTTP/1.1
Server: 54.83.13.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-83-13-4.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 25 Jan 2022 18:38:15 GMT
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Server: nginx/1.16.1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://partner.mediawallahscript.com/?account_id=2027&partner_id=2051&uid=7737a345-8ee4-4077-9461-3b0d03e902ac&tag_format=img&tag_action=sync&cb=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 323

GET
H2

200

receive
pixel.tapad.com/idsync/ex/ Frame AF1B
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2926&partner_device_id=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2926&partner_device_id=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%252C&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%252C&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=7737a345-8ee4-4077-9461-3b0d03e902ac&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%2C

95 B
429 B

38ms
38ms

Image
image/png

107.178.246.49
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=7737a345-8ee4-4077-9461-3b0d03e902ac&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%2C

Protocol

Server

107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.246.178.107.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=7737a345-8ee4-4077-9461-3b0d03e902ac&ttd_puid=2ec74011-fa54-40fb-b3cb-ffb14fe21fb9%2C
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 353

GET
H2 204 v1
ads.yahoo.com/cms/ Frame AF1B 0
194 B 413ms
31ms Image
text/plain 2001:4998:14:800::1001
YAHOO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4998:14:800::1001 Ashburn, United States, ASN14777 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame AF1B 43 B
724 B 63ms
20ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Tue, 25 Jan 2022 18:38:14 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58301/ Frame AF1B
Redirect Chain

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-Ph7QNg6zqFGj-yJEdsieagNZaCFdZjJQ1LbNOQ
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-Ph7QNg6zqFGj-yJEdsieagNZaCFdZjJQ1LbNOQ&verify=true

0
124 B

27ms
27ms

Image
text/plain

3.218.90.66
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-Ph7QNg6zqFGj-yJEdsieagNZaCFdZjJQ1LbNOQ&verify=true

Protocol

Server

3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-218-90-66.compute-1.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-Ph7QNg6zqFGj-yJEdsieagNZaCFdZjJQ1LbNOQ&verify=true
date: Tue, 25 Jan 2022 18:38:15 GMT
server: ATS/9.1.0.33
age: 1
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame AF1B 0
476 B 113ms
23ms Image
text/plain 64.202.112.223
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-4i4z9w6zqFGj-yJEdsieagNZaCHl3-GdS8IZ4Q
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.223 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 25 Jan 2022 18:38:15 GMT
Cache-Control: no-cache
X-TraceId: bc64e34639c2a57dacb6978b272fed9b
Content-Length: 0

GET
H2 204 t.gif
cw.addthis.com/ Frame AF1B 0
427 B 169ms
67ms Image
text/plain 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-208-216-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 25 Jan 2022 18:38:15 GMT

GET
H/1.1 200
OK Criteo
crb.kargo.com/api/v1/dsync/ Frame AF1B 43 B
504 B 120ms
25ms Image
image/gif 54.242.231.184
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/Criteo?exid=k-FbFVfw6zqFGj-yJEdsieagNZaCHVRe_seJbk4w
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.242.231.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-242-231-184.compute-1.amazonaws.com
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Jan 2022 18:38:15 GMT
Vary: Origin
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 43
X-Accel-Expires: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame AF1B 42 B
786 B 96ms
24ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-V6IDiA6zqFGj-yJEdsieagNZaCEztO3O9b1lrQ&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 9e7742894a018a40b59a2ed2117c85b5
Content-Type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame AF1B
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-SKtYaA6zqFGj-yJEdsieagNZaCFwHazXRo-bzw&seg=95287
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-SKtYaA6zqFGj-yJEdsieagNZaCFwHazXRo-bzw%26seg%3D95287

43 B
1 KB

38ms
37ms

Image
image/gif

68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-SKtYaA6zqFGj-yJEdsieagNZaCFwHazXRo-bzw%26seg%3D95287

Protocol

HTTP/1.1

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Jan 2022 18:38:15 GMT
X-Proxy-Origin: 149.56.153.186; 149.56.153.186; 577.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: cfba5b04-1e0f-4bf6-97bc-a9916a2a9b7c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 Jan 2022 18:38:15 GMT
X-Proxy-Origin: 149.56.153.186; 149.56.153.186; 577.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: edf935ac-b6ee-4d6b-b14a-2e9e9ecac5e8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-SKtYaA6zqFGj-yJEdsieagNZaCFwHazXRo-bzw%26seg%3D95287
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 pixelCt.tpmn
ad.tpmn.co.kr/ Frame AF1B 170 B
600 B 227ms
191ms Image
image/png 34.102.166.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.tpmn.co.kr/pixelCt.tpmn?tpmn_nid=26a681017b4fdc02f3aef3aa921ede3e&tpmn_buid=k-l22UPQ6zqFGj-yJEdsieagNZaCGzkOCoR7cNeA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.166.132 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 132.166.102.34.bc.googleusercontent.com
Software: /
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
content-encoding: gzip
vary: accept-encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
content-type: image/png;charset=utf-8
alt-svc: clear
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync
adgen.socdm.com/rtb/ Frame AF1B 43 B
827 B 579ms
195ms Image
image/gif 124.146.215.4
INFOSPHERE NTT PC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adgen.socdm.com/rtb/sync?proto=adgen&dspid=23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 124.146.215.4 Shibuya, Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-SO-Cluster-ID: 43
Date: Tue, 25 Jan 2022 18:38:15 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync?proto=adgen&dspid=23","cluster_id":43,"gdpr":false,"ipv4":"149.56.153.186","key":"YfBDl8Co8HUAAMHzHOwAAAAA","privacy_sensitive":false,"uid":"","upstream_id":"a-ad40359"}
X-SO-Ads-Time: 8
X-SO-Key: YfBDl8Co8HUAAMHzHOwAAAAA
Server: nginx
X-SO-Upstream-ID: a-ad40359
P3P: CP="See also http://www.scaleout.jp/privacy/"
Cache-Control: private
X-SO-HostName: a-ad40359.dc2p.scaleout.jp
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-SO-LB-Hostname: m-ng17.dc4p.scaleout.jp
X-SO-IP: 149.56.153.186

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame AF1B 42 B
676 B 103ms
24ms Image
image/gif 8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k--5OGJg6zqFGj-yJEdsieagNZaCHDUA9LlpZDCg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 12:34:51 GMT
cache-control: no-store, no-cache, private
x-lat: va2pug004:0:406
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 /
cs.adingo.jp/sync/ Frame AF1B 43 B
413 B 162ms
24ms Image
image/gif 23.23.105.100
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.adingo.jp/sync/?from=criteo&id=k-pZVhSg6zqFGj-yJEdsieagNZaCHaRL_WMp3QAA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.23.105.100 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-105-100.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: image/gif
server: nginx
p3p: CP=NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa HISa OUR SAMa OTRa STP UNI STA
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame AF1B
Redirect Chain

https://eb2.3lift.com/xuid?mid=2711&xuid=k-q37lgw6zqFGj-yJEdsieagNZaCF9ZDnjjLKgSQ&dongle=013b
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-q37lgw6zqFGj-yJEdsieagNZaCF9ZDnjjLKgSQ&dongle=013b&gdpr=0&cmp_cs=&us_privacy=

37 B
353 B

27ms
27ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-q37lgw6zqFGj-yJEdsieagNZaCF9ZDnjjLKgSQ&dongle=013b&gdpr=0&cmp_cs=&us_privacy=
Protocol: H2
Server: 52.223.22.214 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=2711&xuid=k-q37lgw6zqFGj-yJEdsieagNZaCF9ZDnjjLKgSQ&dongle=013b&gdpr=0&cmp_cs=&us_privacy=
date: Tue, 25 Jan 2022 18:38:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 cksync.php
contextual.media.net/ Frame AF1B 45 B
854 B 149ms
72ms Image
image/gif 23.221.200.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-JoCn6A6zqFGj-yJEdsieagNZaCFfpWth6lpFdA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.221.200.79 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-221-200-79.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
x-check-cacheable: YES
x-serial: 811
x-akamai-pragma-client-ip: 10.38.171.46, 50.236.21.114
date: Tue, 25 Jan 2022 18:38:15 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
server: Apache
expires: Tue, 25 Jan 2022 18:38:15 GMT

GET
H2 200 /
sync.ad-stir.com/ Frame AF1B 43 B
454 B 582ms
194ms Image
image/gif 18.180.85.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.ad-stir.com/?symbol=CRITEO&uid=k-TqdEvg6zqFGj-yJEdsieagNZaCH4OjoOux10_Q
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.180.85.76 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-180-85-76.ap-northeast-1.compute.amazonaws.com
Software: openresty /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: openresty
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate
content-length: 43
expires: 0

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame AF1B
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k--sscvg6zqFGj-yJEdsieagNZaCGqhqtx-SETFA
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k--sscvg6zqFGj-yJEdsieagNZaCGqhqtx-SETFA&C=1

43 B
1 KB

39ms
38ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k--sscvg6zqFGj-yJEdsieagNZaCGqhqtx-SETFA&C=1
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 25 Jan 2022 18:38:15 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 25 Jan 2022 18:38:15 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 Jan 2022 18:38:15 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k--sscvg6zqFGj-yJEdsieagNZaCGqhqtx-SETFA&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 296
Expires: Tue, 25 Jan 2022 18:38:15 GMT

GET
H2 204 pixel
adx.dable.io/ Frame AF1B 0
142 B 659ms
217ms Image
text/plain 13.209.95.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adx.dable.io/pixel?dsp_id=6&uid=k-0MogxQ6zqFGj-yJEdsieagNZaCGt4s3Xd-XoLA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.209.95.124 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-209-95-124.ap-northeast-2.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
server: nginx

GET
H2 204 /
s.ad.smaato.net/c/ Frame AF1B 0
242 B 88ms
18ms Image
text/plain 2600:9000:21ea:b800:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-FEiT0w6zqFGj-yJEdsieagNZaCHescdJiyXKkA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ea:b800:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
via: 1.1 04d5f6961d9b76b97c908d8ed9816378.cloudfront.net (CloudFront)
server: CloudFront
cache-control: no-cache, must-revalidate
x-amz-cf-pop: EWR50-C1
x-amz-cf-id: puJ1bZgNxRCe8foKYhwVReX4wQNQfT_MTqcdPGDkKZB_8d9mFn3H8g==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame AF1B
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-xcHPsQ6zqFGj-yJEdsieagNZaCHHE9aMEwBFMA&expires=30&user_group=5
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-xcHPsQ6zqFGj-yJEdsieagNZaCHHE9aMEwBFMA&expires=30&user_group=5

43 B
510 B

35ms
35ms

Image
image/gif

35.211.178.172
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-xcHPsQ6zqFGj-yJEdsieagNZaCHHE9aMEwBFMA&expires=30&user_group=5
Protocol: HTTP/1.1
Server: 35.211.178.172 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 25 Jan 2022 18:38:15 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-xcHPsQ6zqFGj-yJEdsieagNZaCHHE9aMEwBFMA&expires=30&user_group=5
Date: Tue, 25 Jan 2022 18:38:15 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
ad.as.amanad.adtdp.com/v1/ Frame AF1B 42 B
882 B 204ms
159ms Image
image/gif 99.84.125.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.as.amanad.adtdp.com/v1/sync?dsp_id=4,5&uid=k-iSP-JQ6zqFGj-yJEdsieagNZaCHlN86_2WNd7A

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.125.119 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-125-119.ewr52.r.cloudfront.net

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
via: 1.1 c1c976b1b60b605adb44f62da9e0bb8a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: EWR52-C3
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 42
x-xss-protection: 0
pragma: no-cache
x-amzn-trace-id: Root=1-00000000-000000000000000000000000
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-amz-cf-id: F_WNY4s2IbOY_ufWYq2tihti7mDYBE5BlX01eB9xGJnR-zB1uUJnAw==
expires: Thu, 01 Jan 1970 09:00:00 GMT

GET
H2 200 pixel_sync
trends.revcontent.com/cm/ Frame AF1B 35 B
336 B 103ms
31ms Image
image/gif 34.206.177.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trends.revcontent.com/cm/pixel_sync?bidder=151&bidder_uid=k-u8s8AA6zqFGj-yJEdsieagNZaCFdvXBcSlCsoA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.177.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-177-106.compute-1.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
x-powered-by: Express
content-length: 35
content-type: image/gif

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 76ms
75ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-sumo-auth
Origin: https://go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Tue, 25 Jan 2022 18:38:15 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

POST
H2 200 services Show response
sumo.com/ 205 B
605 B 84ms
83ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
X-Sumo-Auth: IeS8csdXNmVJTFCFmSdywYFX
Referer: https://go.behindthemarkets.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 205

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame AF1B
Redirect Chain

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2868244041230485474

43 B
370 B

26ms
25ms

Image
image/gif

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2868244041230485474

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:14 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2325632
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 25 Jan 2022 18:38:15 GMT
X-Proxy-Origin: 149.56.153.186; 149.56.153.186; 577.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid: db4a27ba-f0db-48fe-8f16-a244c26b5581
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2868244041230485474
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 t.gif
cw.addthis.com/ Frame AF1B 0
427 B 40ms
40ms Image
text/plain 23.208.216.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-V6IDiA6zqFGj-yJEdsieagNZaCEztO3O9b1lrQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-208-216-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 25 Jan 2022 18:38:15 GMT

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame AF1B
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=McypWrhpHcTs02n_7iGU944dGNsU-ont
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=McypWrhpHcTs02n_7iGU944dGNsU-ont

42 B
945 B

80ms
79ms

Image
image/gif

34.210.160.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=McypWrhpHcTs02n_7iGU944dGNsU-ont

Protocol

HTTP/1.1

Server

34.210.160.53 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-210-160-53.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

DCS: dcs-prod-usw2-1-v024-01efbbff6.edge-usw2.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 3tGvmf+pQng=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-usw2-2-v024-0a98f39f5.edge-usw2.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: K+23qp/8TAE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=McypWrhpHcTs02n_7iGU944dGNsU-ont
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
33 KB 50ms
49ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: 8512EDYVZ5CSHDAJ
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 19:14:53
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: hWGcLKVNVo0BT1zQMYxtxRBS7/exc98HcL2LAYnGWafP/i91fKwcyZUjvHPhQZhCkcYw+E7oaJo=
access-control-allow-origin: *
last-modified: Fri, 28 May 2021 14:31:09 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"3fa9c18f727d4b42fb894fda90a374e1"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: afb9aae7ef9f382a55f64381da2c8e5d
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 50ms
49ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: N3030J252J5JEC1T
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-09-13 21:26:04
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 2+PBD/PcKkMaP1vZhuNnZNbyYRThWIFZqUltJtAxypmNrJHvzESwLjbjjesDWhMp+r8oNCkwx1s=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:24 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"a39d043b7c7bba70750cf288ee5ef71a"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: da86f43d9ba51efb1f4426c9b3a7457a
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 94ms
93ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: N301Y2FZYDY5QMY0
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-09-13 21:26:04
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: IZcXFiqmy/JM3eUhtXz41JKx1nYsK+nPCHPPwzeHhVejlbDDr1Rso1NSYMUX9Rnc6oLrAPsKF34=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:08 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"6bfdf1ae8492f107706ac037915be663"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: f95427bba24e6bf3659e21a921515dc0
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 93ms
92ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: NAB8H0RCQJBKVFXK
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-09-14 16:19:23
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: K0wCroZtwZsSB5+6Gs4bLJnLiDeWjXAhMdmjQs/gUR5t7a4BJbwMoZuITu2QVegXVECQ18heOS8=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:54 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"fc263e7087822a0b00ff93677d6df4ea"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 7c2fbbe11fea99423599ac8d149db95c
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
24 KB 90ms
90ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: N304ZWHSCP1T2NCX
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-09-13 21:26:04
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 4Hd8eZT4d8ddWpqgjsm0M0R6iQ0v/2J17dFHezV0h2BHLwo4Si0H0SnZ41gDv7K/dbESMW5Vqc4=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"8af82c4c30a069f66de02526c2f332af"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 68346306f215050b809e346215d558c7
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
93 KB 50ms
49ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: NABE2M2M0SDD0V58
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-09-14 16:19:23
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: xei8ckvS7OnSwr1+ysOzpHuX1+pZDz6tj/ppBshYwgc2W2V0tHaIfxnELQDjyF2vmhZ7jtLjEHo=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"be0b945be6cafa91f6fd4efdfc8268f8"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 31421c2f82337e38703ee0e1ccaead38
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 93ms
92ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: CV5PHE1G5NN7G84M
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 18:30:59
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: KoelTLB9yQxd7N3nJRNeKp/aBnhgPRYon321rxDcX+nj85m6Rfu616k40xdkVxV/odfy566s1co=
access-control-allow-origin: *
last-modified: Fri, 28 May 2021 14:30:29 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"beda094dfc3b530efd0d2d83c5a0280c"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 997721e0033d11b6411fe10a8916dada
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 93ms
93ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: 47FWSVYZV8TREYDC
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 18:36:59
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 5vV2SuhCjRJw0ydkOLUmUjrTRSYwC2ueRO+H9Y4Ke7SxsUJ+6Zcz6r8kKo8JoT2eTOHlmb825JM=
access-control-allow-origin: *
last-modified: Fri, 28 May 2021 14:31:05 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"d200986501135078d1fbd7f480e7bb08"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 8d55018ea1c1c841661c43ecb858862d
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame AF1B 42 B
186 B 24ms
24ms Image
image/gif 8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMjMmdGw9MTI5NjAw&piggybackCookie=uid:k--5OGJg6zqFGj-yJEdsieagNZaCHDUA9LlpZDCg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 12:40:26 GMT
cache-control: no-store, no-cache, private
x-lat: va2pug003:0:404
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 47ms
46ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: GWZ78D726C4S238V
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 19:35:45
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 8p+sVLz+Hr6SvS8V4a/cJ04zknJr0h5COcQgUKv4bUTMv3P+BT76O/N5asMjqEHQeczosAL94bw=
access-control-allow-origin: *
last-modified: Fri, 28 May 2021 14:30:13 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"31baf056af3800bbd6e4f9e8b445d052"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 0143141d58fe965dc1dd740577319cb4
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
77 KB 47ms
47ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: P3ECQXAGSXQM8CTG
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 19:34:28
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: nLnX70wiwBt8jtTbIbPSvBNlXLQ7aVbr9hgbjgMB96IeBcVjQorESMLOqGernGXVxzNlm+mRhC0=
access-control-allow-origin: *
last-modified: Fri, 28 May 2021 14:31:30 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"f33273f5c8e8dd3d010a11b209891b91"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: ce40e3543f3fa8579a3561c854026c3f
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
963 B 57ms
56ms Script
text/javascript 195.181.168.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-742.bunnyinfra.net
Software: BunnyCDN-NY1-742 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: br
cdn-edgestorageid: 742
x-amz-request-id: DHY54S69CRG1GHD7
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-06-08 19:00:45
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: m3XUlPyRKCDHA0zTSTgoaxraUgEg3BWzmQlUXGJq1CEZj6uuJKT4S6t0I44H8tQSeWWwpNVzpiY=
access-control-allow-origin: *
last-modified: Fri, 28 May 2021 14:31:30 GMT
server: BunnyCDN-NY1-742
cdn-requestpullcode: 200
etag: W/"857476cf6e94c14c223d4481353b4c19"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: f470682a0751e82e4bc087376c107219
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ 31 KB
1 KB 69ms
42ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 25 Jan 2022 18:23:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 25 Jan 2022 18:38:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 25 Jan 2022 18:38:15 GMT

GET
H2 200 features Show response
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ 3 KB
1 KB 105ms
104ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://go.behindthemarkets.com/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Sumo-Auth: IeS8csdXNmVJTFCFmSdywYFX

Response headers

date: Tue, 25 Jan 2022 18:38:15 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx
etag: "-362431178"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ Frame 0
0 89ms
89ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Tue, 25 Jan 2022 18:38:15 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/cdb/ Frame AF1B
Redirect Chain

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%25...
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/uHlw0DVd26h_SdWm2ZN-Vx-dFNl_ORmy/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_...
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2811942233326911735

43 B
370 B

27ms
26ms

Image
image/gif

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2811942233326911735

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2883992
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2811942233326911735
pragma: no-cache
date: Tue, 25 Jan 2022 18:38:15 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
447 B 41ms
41ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=8GGL7HV4JmDi6XRnC2DrTj&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=198.29999923706055,58.10000038146973,1,137.9000015258789
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 25 Jan 2022 18:38:18 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 149.56.153.186
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 02c1oprdhr1vodissrn0

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

66 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
go.behindthemarkets.com/btm-three-words-bezos-fe-offer	1970-01-20 01:08:47	Name: __smVID Value: 948611ec9d0c6e8ccf5ac78d3f5158da044bbfe87d88e28db1021b9166e16354
.api.leadpages.io/analytics/v1/events/capture	1970-01-20 00:27:02	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.zbBKU3BE9z9Jgdpe95S3MK Value: 1643135894000
.behindthemarkets.com/	1970-01-20 02:35:11	Name: _gcl_au Value: 1.1.1979607836.1643135894
js.center.io/	1978-01-11 21:31:40	Name: centerVisitorId Value: 2r9VqPxc5HoxNbamfeFGMx
.behindthemarkets.com/	1970-01-20 02:35:11	Name: _fbp Value: fb.1.1643135894047.1487019324
.behindthemarkets.com/	1970-01-20 17:56:47	Name: _ga Value: GA1.2.457695314.1643135894
.behindthemarkets.com/	1970-01-20 00:27:02	Name: _gid Value: GA1.2.755692389.1643135894
.behindthemarkets.com/	1970-01-20 00:25:35	Name: _gat_UA-102395123-1 Value: 1
.facebook.com/	1970-01-20 02:35:11	Name: fr Value: 0XUdnPRjjDpeq4NIc..Bh8EOW...1.0.Bh8EOW.
go.behindthemarkets.com/	1970-01-20 01:08:47	Name: ef_tid_c_o_6 Value: b5a3af6b9b7d4b61884fcff71390145b
go.behindthemarkets.com/	1970-01-20 01:08:47	Name: ef_tid_c_a_2 Value: b5a3af6b9b7d4b61884fcff71390145b
.criteo.com/	1970-01-20 09:47:11	Name: uid Value: 27fc60b8-8f11-47e7-902f-7a178edd84d8
.behindthemarkets.com/	1970-01-20 09:54:59	Name: cto_bundle Value: U5RYhV9BVHFGJTJCM1ZpbVVXcFE4ZUVhTjRoUWUybFFaNE1uYkwzRU9tWHglMkZJZVdMenNiJTJCR2pnUHJVeExmMlY0YTZ2cDFjJTJCYUQ0ZjglMkZ4Vm1NSHBEQzk0cnk2WUVpY3hvem1vd1dNN0p4aUhWTU9FdGNiNHpvd3R5eGlSWU1xbFlDMHBhVHNnSzg4bjJ1R2d2WVkzYjVEc2JJbzZWRlZwbjNYNklHRmJOJTJGd2IzeGhrbE0lM0Q
go.behindthemarkets.com/	1970-01-20 09:11:11	Name: __smToken Value: IeS8csdXNmVJTFCFmSdywYFX
.tapad.com/	1970-01-20 01:51:59	Name: TapAd_TS Value: 1643135894986
.tapad.com/	1970-01-20 01:51:59	Name: TapAd_DID Value: 2ec74011-fa54-40fb-b3cb-ffb14fe21fb9
.yahoo.com/	1970-01-20 09:11:33	Name: A3 Value: d=AQABBJZD8GECEIO6mCoMrHe9V3R46bdF8jcFEgEBAQGV8WH6YQAAAAAA_eMAAA&S=AQAAAkUgiJsRygCLIAlpTSKmo30
.rubiconproject.com/	1970-01-20 09:11:11	Name: khaos Value: KYUGOQUI-O-GFQE
.rubiconproject.com/	1970-01-20 09:11:11	Name: audit Value: 1\|a3HOPiVCVAY/mckr8ff+j24H7LjHUy4e/qdZarhJL4XWaDs14xzbSP7R4SEuWZAfn/vAMiTAkj+M1KxoLazIt+aleybw1oy9Ba0etFFpiE32J/ofhzShY0w7GRFwf0x0L5vTat0PbDe7ct3t1zBD46E1yWY6wnR1HT9jkAcVCkrmQdVc7iIhNLYPAdWGRZ6V8p4Q5rMwDzg=
.analytics.yahoo.com/	1970-01-20 09:12:38	Name: IDSYNC Value: 18zh~22v6
.outbrain.com/	1970-01-20 02:35:11	Name: obuid Value: 3b76c011-35a0-4039-a04f-0db64ee3b826
.outbrain.com/	1970-01-20 01:08:47	Name: criteo Value: k-4i4z9w6zqFGj-yJEdsieagNZaCHl3-GdS8IZ4Q
.kargo.com/	1970-01-20 09:11:11	Name: ktcid Value: 24fa0ae2-c5dc-0a66-55ea-bead8f86c1ec
.adnxs.com/	1970-01-20 02:35:11	Name: uuid2 Value: 2868244041230485474
.doubleclick.net/	1970-01-20 17:56:47	Name: IDE Value: AHWqTUl3QmlHTyjiublL9cl18yeNWbU1sYdBx4td5TnfEJLy9aas4o_GZWcH9W_zd88
.mediawallahscript.com/	1970-01-20 17:56:47	Name: mCookie Value: f4f05af0-7e0d-11ec-94f8-dbb22499508a
.mediawallahscript.com/	1970-01-20 01:11:40	Name: mVisitedCookie_d41d8cd98f00b204e9800998ecf8427e_01_2022 Value: %7B%221KTuLJ%22%3A1%7D
.mediawallahscript.com/	1970-01-20 17:56:47	Name: mUserCookie Value: %7B%7D
.addthis.com/	1970-01-20 09:47:11	Name: ouid Value: 61f043970001144d04fd96ce82085865e6fefa5cac4dfa9a527a
.addthis.com/	1970-01-20 09:47:11	Name: uid Value: 61f043971ce5f769
.addthis.com/	1970-01-20 09:47:11	Name: na_id Value: 2022012518381507900144053112
.rlcdn.com/	1970-01-20 09:11:11	Name: rlas3 Value: o7GcLL8exF7q2cjNSQdwM/8lS6C/aAio1Ow5J7A0mDI=
.rlcdn.com/	1970-01-20 01:51:59	Name: pxrc Value: CAA=
.adsrvr.org/	1970-01-20 09:11:11	Name: TDID Value: 7737a345-8ee4-4077-9461-3b0d03e902ac
.adsrvr.org/	1970-01-20 09:11:11	Name: TDCPM Value: CAESFAoFdGFwYWQSCwiahNOY_I6wOhAFGAUgASgCMgsIkqWvxZKPsDoQBTgB
.pubmatic.com/	1970-01-20 01:08:47	Name: KRTBCOOKIE_97 Value: 3385-uid:k--5OGJg6zqFGj-yJEdsieagNZaCHDUA9LlpZDCg&KRTB&23286-uid:k--5OGJg6zqFGj-yJEdsieagNZaCHDUA9LlpZDCg&KRTB&23287-uid:k--5OGJg6zqFGj-yJEdsieagNZaCHDUA9LlpZDCg&KRTB&23288-uid:k--5OGJg6zqFGj-yJEdsieagNZaCHDUA9LlpZDCg
.pubmatic.com/	1970-01-20 01:08:47	Name: PugT Value: 1643114091
.pubmatic.com/	1970-01-20 02:35:11	Name: PUBMDCID Value: 2
.3lift.com/	1970-01-20 02:35:11	Name: tluid Value: 2085829630080211018208
.tapad.com/	1970-01-20 01:51:59	Name: TapAd_3WAY_SYNCS Value: 1!618
.adingo.jp/	1970-01-20 01:08:47	Name: criteo_dsp Value: k-pZVhSg6zqFGj-yJEdsieagNZaCHaRL_WMp3QAA
.media.net/	1970-01-20 09:11:11	Name: visitor-id Value: 2861374951455499000V10
.media.net/	1970-01-20 01:08:47	Name: data-c-ts Value: 1643135895
.media.net/	1970-01-20 01:08:47	Name: data-c Value: k-JoCn6A6zqFGj-yJEdsieagNZaCFfpWth6lpFdA~~3
.casalemedia.com/	1970-01-20 09:11:11	Name: CMID Value: YfBDl3cR-G6bkiF-BGp3bgAA
.casalemedia.com/	1970-01-20 02:35:11	Name: CMPS Value: 468
.tpmn.co.kr/	1970-01-20 09:11:11	Name: uuid Value: 2ba301a4ba8e49cb9d9e361095272a91
.tpmn.co.kr/	1970-01-20 01:08:47	Name: criteo Value: k-l22UPQ6zqFGj-yJEdsieagNZaCGzkOCoR7cNeA
.adnxs.com/	1970-01-20 02:35:11	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2GUk^E%4b!4<zRTC+=<+/ev2+ZQc@mFj?DRg5>JH]P_AU!YYFeP6bcq%hOihBQdgQ/g0Vv:=0yoX@th(/-B%3If)y3KL9D3I?*VY+_X'
.casalemedia.com/	1970-01-20 02:35:11	Name: CMPRO Value: 050
.casalemedia.com/	1970-01-20 09:11:11	Name: CMRUM3 Value: 1461f043972760k--sscvg6zqFGj-yJEdsieagNZaCGqhqtx-SETFA
.casalemedia.com/	1970-01-20 00:27:02	Name: CMST Value: YfBDl2HwQ5cA
.bidswitch.net/	1970-01-20 09:11:11	Name: tuuid Value: efad4db5-ae3d-45e3-b4f0-d74177194bf9
.bidswitch.net/	1970-01-20 09:11:11	Name: c Value: 1643135895
.bidswitch.net/	1970-01-20 09:11:11	Name: tuuid_lu Value: 1643135895
.revcontent.com/	1970-02-07 06:25:35	Name: __ID Value: 93cc1e094a5e46b5aebded9905505f44
.revcontent.com/	1970-01-20 01:08:47	Name: v1_151 Value: 1
.adtdp.com/	1970-01-20 17:56:47	Name: uid Value: 9dce38a0-e614-4009-a55c-91d32bbc489c
.adtdp.com/	1970-01-20 17:56:47	Name: pr Value: aja
.demdex.net/	1970-01-20 04:44:47	Name: demdex Value: 12954751770749341891411095840031332448
.socdm.com/	1970-01-20 17:56:47	Name: SOC Value: YfBDl8Co8HUAAMHzHOwAAAAA
.dpm.demdex.net/	1970-01-20 04:44:47	Name: dpm Value: 12954751770749341891411095840031332448
.ad-stir.com/	1970-01-20 17:56:47	Name: uid Value: 9e63a7d2-6c01-43ad-aa0a-2aeec4628921
.ad-stir.com/	1970-01-20 00:45:45	Name: d10 Value: k-TqdEvg6zqFGj-yJEdsieagNZaCH4OjoOux10_Q
.dable.io/	1970-01-20 02:49:35	Name: uid Value: 59705031.1643135895727
.turn.com/	1970-01-20 04:44:47	Name: uid Value: 2811942233326911735

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.as.amanad.adtdp.com
ad.tpmn.co.kr
adgen.socdm.com
ads.yahoo.com
adx.dable.io
api.leadpages.io
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
crb.kargo.com
cs.adingo.jp
cw.addthis.com
d.turn.com
dis.criteo.com
dpm.demdex.net
eb2.3lift.com
embed.lpcontent.net
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
idsync.rlcdn.com
js.center.io
lh3.googleusercontent.com
load.sumo.com
match.adsrvr.org
mug.criteo.com
partner.mediawallahscript.com
pixel.rubiconproject.com
pixel.tapad.com
r.casalemedia.com
s.ad.smaato.net
secure.adnxs.com
simage2.pubmatic.com
sp.analytics.yahoo.com
sslwidget.criteo.com
static.criteo.com
static.leadpages.net
stats.g.doubleclick.net
sumo.com
sync.ad-stir.com
sync.outbrain.com
trends.revcontent.com
ups.analytics.yahoo.com
www.behind-the-markets.com
www.behindthemarkets-btm.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
x.bidswitch.net
107.178.246.49
124.146.215.4
13.209.95.124
142.250.64.66
178.250.2.130
18.180.85.76
195.181.168.47
2001:4998:14:800::1001
23.208.216.126
23.221.200.79
23.23.105.100
23.52.162.21
2600:9000:21ea:b800:1b:5138:8a40:93a1
2606:4700:3037::6815:55f5
2607:f8b0:4006:80d::2004
2607:f8b0:4006:80f::2013
2607:f8b0:4006:81d::200a
2607:f8b0:4006:81e::2003
2607:f8b0:4006:81f::2008
2607:f8b0:4006:820::2001
2607:f8b0:4006:820::2003
2607:f8b0:4006:824::200e
2607:f8b0:4023:1404::9b
2620:112:f002:bbbb::23
2a02:2638:1::13
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
3.218.90.66
34.102.166.132
34.107.203.240
34.120.142.1
34.206.177.106
34.210.160.53
35.190.60.146
35.192.151.63
35.202.21.90
35.211.178.172
52.223.22.214
52.223.40.198
52.38.14.212
54.242.231.184
54.83.13.4
64.202.112.223
68.67.160.24
69.173.151.100
74.119.119.139
74.119.119.150
76.13.32.146
8.28.7.83
99.84.125.119
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
082b7628c8157463d2a84455fb24a602577abf31f71cb47b3d05f1057c8fd650
0938408647ea5d85a705e398c0f807335710ea19b396714da783ab696c131ed4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b8dc28b5c381ac9854a7b82c141f9afa84925111748f7f70ec7bdf22734e734
0cca76c2e7f85fac0ed45048830cfa9518984ddd762598a9d32f9145e4f18721
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ed3f2bbbdba8d4b9463e5670ecc44d38f7b5401de7da6204fe6b1e6bedc07a0
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
1070fd17eb49d0f1161ebc5d86601a0ecc3184f482633f4ad3b11214277b488b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
22ccf666ac5285e899e0329f71a27161e67a8ef68aee3c93906b4fa48801cf9e
2849256621d8f50374aa4ac8be4ce6a74591d50d03e86d655adec906520d264f
29bbcd6ee5e6ee395907fd162b57acafd89f4ab97f812c418fec63f8a656e709
2a7c78568651f3b8602053f626371ba401dc7b3a0a6ff24c3ec68a385e8707c0
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ec990e8f65e18143617379f5b717be2e1db655988ec8290eb5d6fe6947b9db7
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
4758ffc00e2d3413aece1a57fc3e89b9709202312386d57eb74b5c198cf6800e
49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72
4a906a213033d9bc5fc15e38a7296b6de13b4c25c1733c894417c1fc6720540c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9
4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9
4fdd499c94f008a9d103efa65446c625ab89df3d22126b644f9a215cdf775ce2
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
53eea8706c2f371524ca8e7cd40cca34649d1f4f3ee29f042414a03091de739c
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296
564c77c5c2e294c899287540e83ddd9da792d365187994b31a43a1aad071136c
5c4b1d6ef648a543e1d48d992b8e02407cd52349483adbee973a0c473e55bd5f
5c991d2b4dfe4703e1e5fef318d85561b1e9a794a91c31c63ea3808066a1d36b
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
60f3ab684a6ee78ffb58efefb1c8ec6a2271d0cb94209e209769a36cfba86960
618ec2450f893f05615968d8f87901352d3ef557ea705f7c71da7dbcc08d49e5
61cf7d4999e60d7c01ddc5beb078eb5792ea87dcc6f5deccf5da309e6e5a843b
650460eae5dfc2e3c5b3b4976823af76f5a58dc8374782943fd8df2d049546a1
66a452f4232d8fe0d1822ee50f210a3803581c55eb74fffcd071d6f6f8e9c3f4
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bfad1eb36a06b6ef0d5126a3e520cca102bb2e25d5d195831d0ebd261038147
6f21f5e76411808caf672eb4316d0f46996d9b966c360203ffdf19150ea42e7f
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
7225c811b9035a4ce65639eb7ab5e7850833a340a866cc8e4bc5c2ce4abe8756
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
760b44195afc093e424f6f8ccb1377bc1dd96907b8f750fc1cdede106bf8e0c8
77065a838202b3fce069b2754f8fd3ad2f4aa5167c6eda22c217e4a7ae6a5a24
7721ea6e678ff85357eb6c7de4f39681d7b4b53b765ee49d9e45b97bdab68a58
7ce05deaeac969882c57d07484fcb5705cffa93d225b39d7a5869a483bd1f80d
81ea630fa495cf76c30fc131d9ef3d4df248b7008db6fc26603b9bdc91465e21
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8e8eaaa4a3ef267d8ca904c610bb46dd0d1a530fed9cddf8a821f404e616961a
8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f
8fa48d10be45f23eb5a0e899d5b664b3a6e525de61935d65ad23c31b85377cc6
933d9f8c046978fe44a9f9c7bcd851aad9dfad9b561a40247cfc0eecbfa5367b
967ae8cc54cbc55ff678063401c139bfaa3a61b699500e90b3f292f4185741cf
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
9976b98b6e690881fafaefa90108fb01040ad2a788f2d4efa2eba9de0abf8235
9ef5565ea0b640fde1f3b5adfa98e3a6ce1a00312c3c96a98351998f125aeef7
a1594163145a061268b25512d71f14ede1204087adcc2bf6bafc9c93804c3e53
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a397ef56c1dd7620e3d8f8fcf75cc1d505a7ea15a7bb971bfd91afe1d14bcacf
a4351df37ff05ea4562e26bf9f4d12f40a2d6c4d2e41bcdb4846aa484fb36406
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5316a5a55afb2bbc041d7d7a2d8d3e3b30ba5d0fe00a080858d1c4e63aa4567
b722bf7bdb6fe843fdac8fbcf28f8b3a0595d1de14bfeb1a5c391fee7c4a0d14
b8240a9c60fe62c300ab7c55adc859be444bfe72c7644eecbfeba6e206138159
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd389d5663fde302e3c6f163e218af5f3b4a33d802c9c9120166fcebe8682e16
bfd60336f804d5fd594a8c6a466b9042b5adbd3f6e86a971b9ea7d83d1c66f93
bfe472278804df6f9400fde7a6cd952ef2cd6cca577d68ef048b69cbd1d6e7f6
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c55508ea7ce1ad08364772fbfadb835d2b1d1b9238d345c45eee1943ada4ff6f
c5ebd9dfab1f43abeaa97924628f78f4a2391ecb93eed283b59777ea651acd3b
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce75ddf17236636a1019f06011aa7dd506b1a770764d10fc06bd38fa236ba60d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf826b0f5476cd7773fe343ae2f2fb20127045727d31fa5d56c83253cd2901f0
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658
d168c5504b8d99ebaa16262ac7b2c8fb157d1434583496389c9c6be095d51377
d5533ad7fafa2562515fcc560a0af84e0de340648aa7fa5be07d10da20ba2987
d787dec9a97cb026faf3a8a402fc923a7bcdcfeeb4cb61e04f232c1e1113cbf1
d8a3ac134a4a89f9030deb8252e793ea336daedc50b8071d0170970fb0317e11
dd1b25602b6b401fc41b9a36b8ccb2491a7acb93631dee871b91e125dfca0fa6
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df41961c6fad4eee54e5e89630ab61d22305ff0b0f4494341b0b3614161922d0
e19210ee49a51d99b2261e908d711c603d64a4304092d9d85a4d981daeb5ff11
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2780d6e1e71e774e7143356c71deadedc449293d09e9d7a0a28b63d5b0ed182
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f777a0ffa0d093767ad1063cd609bb8808a0bd5e7912b36b1d84c591a42f4041
f9f6655137b977c887cf35163775dc648e70e49f768d310b42458eb307c1f01b
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

133 Requests

90 %HTTPS

32 %IPv6

44 Domains

52 Subdomains

47 IPs

4 Countries

1356 kBTransfer

4222 kBSize

66 Cookies

0 Outgoing links

Redirected requests

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

133
Requests

90 %
HTTPS

32 %
IPv6

44
Domains

52
Subdomains

47
IPs

4
Countries

1356 kB
Transfer

4222 kB
Size

66
Cookies

133 HTTP transactions
0 data transactions