go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links.b.incomeinvestinginsider.com/u/click?_t=c614a742f4a34122bca75572539fab42&_m=39ed9ecb4e514b92997ebe0d3803a43b&_e=n7MKMVrtLheiv...
Effective URL:
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campa...
Submission: On January 13 via api (January 13th 2022, 7:48:41 am UTC) from BE — Scanned from DE

Summary HTTP 144 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 52 IPs in 7 countries across 50 domains to perform 144 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is go.behindthemarkets.com.
TLS certificate: Issued by R3 on December 6th 2021. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.66.248.122 18.66.248.122	16509 (AMAZON-02) (AMAZON-02)
1 1	104.21.64.128 104.21.64.128	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	50.97.244.203 50.97.244.203	36351 (SOFTLAYER) (SOFTLAYER)
1 3	104.21.85.245 104.21.85.245	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.202.21.90 35.202.21.90	15169 (GOOGLE) (GOOGLE)
3	34.107.203.240 34.107.203.240	15169 (GOOGLE) (GOOGLE)
2	216.58.212.170 216.58.212.170	15169 (GOOGLE) (GOOGLE)
1	34.120.142.1 34.120.142.1	15169 (GOOGLE) (GOOGLE)
56	142.250.185.129 142.250.185.129	15169 (GOOGLE) (GOOGLE)
2	216.58.214.19 216.58.214.19	15169 (GOOGLE) (GOOGLE)
1	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
1	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
2	185.60.216.19 185.60.216.19	32934 (FACEBOOK) (FACEBOOK)
1	178.250.2.130 178.250.2.130	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
7	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
4	35.192.151.63 35.192.151.63	15169 (GOOGLE) (GOOGLE)
2	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
2 4	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	31.13.64.35 31.13.64.35	32934 (FACEBOOK) (FACEBOOK)
1 3	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
1	64.233.167.157 64.233.167.157	15169 (GOOGLE) (GOOGLE)
1	142.250.186.100 142.250.186.100	15169 (GOOGLE) (GOOGLE)
1	142.251.36.35 142.251.36.35	15169 (GOOGLE) (GOOGLE)
5	52.38.14.212 52.38.14.212	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	172.217.168.194 172.217.168.194	15169 (GOOGLE) (GOOGLE)
1 2	54.155.208.14 54.155.208.14	16509 (AMAZON-02) (AMAZON-02)
1	87.248.118.22 87.248.118.22	203220 (YAHOO-DEB) (YAHOO-DEB)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1 3	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	50.31.142.63 50.31.142.63	23352 (SERVERCEN...) (SERVERCENTRAL)
1	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1	8.39.36.141 8.39.36.141	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1	184.30.24.22 184.30.24.22	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.32.22.28 13.32.22.28	16509 (AMAZON-02) (AMAZON-02)
1 2	3.122.13.237 3.122.13.237	16509 (AMAZON-02) (AMAZON-02)
1	52.210.237.91 52.210.237.91	16509 (AMAZON-02) (AMAZON-02)
1	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	185.86.137.131 185.86.137.131	201081 (SMARTADSE...) (SMARTADSERVER)
1	52.29.70.185 52.29.70.185	16509 (AMAZON-02) (AMAZON-02)
1 2	52.28.181.192 52.28.181.192	16509 (AMAZON-02) (AMAZON-02)
2 2	54.166.203.135 54.166.203.135	14618 (AMAZON-AES) (AMAZON-AES)
1	52.86.125.50 52.86.125.50	14618 (AMAZON-AES) (AMAZON-AES)
1	184.169.240.186 184.169.240.186	16509 (AMAZON-02) (AMAZON-02)
2 2	18.185.129.183 18.185.129.183	16509 (AMAZON-02) (AMAZON-02)
1	52.202.196.233 52.202.196.233	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2.21.40.243 2.21.40.243	16625 (AKAMAI-AS) (AKAMAI-AS)
1	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
1	52.0.188.249 52.0.188.249	14618 (AMAZON-AES) (AMAZON-AES)
1	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.194.81.74 35.194.81.74	15169 (GOOGLE) (GOOGLE)
1 1	46.228.164.13 46.228.164.13	56396 (AMOBEE) (AMOBEE)
144	52

1 18.66.248.122 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-122.dus51.r.cloudfront.net

links.b.incomeinvestinginsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.64.128 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.checkerlinkery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.97.244.203 (San Jose, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: clkmg.com

www.clkmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.21.85.245 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.202.21.90 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.203.240 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.lpcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.170 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.142.1 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 1.142.120.34.bc.googleusercontent.com

www.behind-the-markets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 142.250.185.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f1.1e100.net

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.214.19 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr26s05-in-f19.1e100.net

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.60.216.19 (Ireland)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-frx5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.130 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.96.102.137 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.192.151.63 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.0.157 (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.64.35 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-amt2.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.163 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.167.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wl-in-f157.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.36.35 (United States)

ASN15169 (GOOGLE, US)
PTR: ams17s12-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.38.14.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-38-14-212.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.168.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: ams16s32-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.155.208.14 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-208-14.eu-west-1.compute.amazonaws.com

partner.mediawallahscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.118.22 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
PTR: e1.ycpi.vip.deb.yahoo.com

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.0.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.31.142.63 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

cw.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.141 (Los Angeles, United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.123 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.24.22 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-22.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-28.fra56.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.122.13.237 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-13-237.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.237.91 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-237-91.eu-west-1.compute.amazonaws.com

trends.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.131 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.70.185 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-70-185.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.181.192 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-181-192.eu-central-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.166.203.135 (United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-166-203-135.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.86.125.50 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-125-50.compute-1.amazonaws.com

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.169.240.186 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-184-169-240-186.us-west-1.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.129.183 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-129-183.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.196.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-196-233.compute-1.amazonaws.com

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.40.243 (Amsterdam, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-40-243.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

cdn.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.0.188.249 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-188-249.compute-1.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.79.197.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.194.81.74 (Washington, United States)

ASN15169 (GOOGLE, US)
PTR: 74.81.194.35.bc.googleusercontent.com

r3.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 68	770 KB
19	sumo.com load.sumo.com — Cisco Umbrella Rank: 9931 sumo.com — Cisco Umbrella Rank: 8727	449 KB
9	criteo.com 3 redirects static.criteo.com — Cisco Umbrella Rank: 31475 gum.criteo.com — Cisco Umbrella Rank: 339 sslwidget.criteo.com — Cisco Umbrella Rank: 1574 widget.us.criteo.com — Cisco Umbrella Rank: 18017 dis.criteo.com — Cisco Umbrella Rank: 574	28 KB
8	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4690 r3.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 60963	90 KB
5	yahoo.com 1 redirects ads.yahoo.com — Cisco Umbrella Rank: 722 sp.analytics.yahoo.com — Cisco Umbrella Rank: 740 ups.analytics.yahoo.com — Cisco Umbrella Rank: 249	2 KB
4	leadpages.io api.leadpages.io — Cisco Umbrella Rank: 29937	2 KB
3	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 458 i6.liadm.com — Cisco Umbrella Rank: 1305	1 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 169	1 KB
3	behindthemarkets-btm.com 1 redirects www.behindthemarkets-btm.com	21 KB
2	stickyadstv.com 1 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 601 cdn.stickyadstv.com — Cisco Umbrella Rank: 2380	1 KB
2	advertising.com 2 redirects pixel.advertising.com — Cisco Umbrella Rank: 293	713 B
2	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 620	851 B
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 254	1 KB
2	casalemedia.com 1 redirects r.casalemedia.com — Cisco Umbrella Rank: 1774	2 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 355	735 B
2	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 351	2 KB
2	mediawallahscript.com 1 redirects partner.mediawallahscript.com — Cisco Umbrella Rank: 1655	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 88	386 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	113 KB
2	center.io js.center.io — Cisco Umbrella Rank: 33479	8 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	2 KB
2	leadpages.net static.leadpages.net — Cisco Umbrella Rank: 31204	93 KB
1	turn.com 1 redirects d.turn.com — Cisco Umbrella Rank: 772	418 B
1	bing.com c.bing.com — Cisco Umbrella Rank: 239	595 B
1	yieldmo.com sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 1975	220 B
1	tremorhub.com criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2439	183 B
1	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 885	428 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 555	264 B
1	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 532	163 B
1	taboola.com sync-t1.taboola.com — Cisco Umbrella Rank: 1063	231 B
1	teads.tv criteo-sync.teads.tv — Cisco Umbrella Rank: 1653	172 B
1	revcontent.com trends.revcontent.com — Cisco Umbrella Rank: 1832	337 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 671	239 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 461	782 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 481	676 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 270	239 B
1	addthis.com cw.addthis.com — Cisco Umbrella Rank: 1137	428 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 695	476 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 279	417 B
1	google.de www.google.de — Cisco Umbrella Rank: 6151	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 8	501 B
1	gstatic.com fonts.gstatic.com	32 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	53 KB
1	lpcontent.net embed.lpcontent.net — Cisco Umbrella Rank: 46747	15 KB
1	behind-the-markets.com www.behind-the-markets.com	18 KB
1	behindthemarkets.com go.behindthemarkets.com	49 KB
1	clkmg.com 1 redirects www.clkmg.com — Cisco Umbrella Rank: 91026	701 B
1	checkerlinkery.com 1 redirects www.checkerlinkery.com	788 B
1	incomeinvestinginsider.com 1 redirects links.b.incomeinvestinginsider.com	1 KB
144	50

	Domain	Requested by
56	lh3.googleusercontent.com	go.behindthemarkets.com
14	load.sumo.com	go.behindthemarkets.com load.sumo.com
7	dev.visualwebsiteoptimizer.com	go.behindthemarkets.com dev.visualwebsiteoptimizer.com
5	sumo.com	load.sumo.com
4	gum.criteo.com	2 redirects static.criteo.com gum.criteo.com
4	api.leadpages.io	js.center.io embed.lpcontent.net
3	ups.analytics.yahoo.com	1 redirects
3	www.behindthemarkets-btm.com	1 redirects www.googletagmanager.com www.behindthemarkets-btm.com
2	pixel.advertising.com	2 redirects
2	i.liadm.com	2 redirects
2	ad.360yield.com	1 redirects
2	x.bidswitch.net	1 redirects
2	r.casalemedia.com	1 redirects
2	eb2.3lift.com	1 redirects
2	secure.adnxs.com	1 redirects
2	partner.mediawallahscript.com	1 redirects
2	dis.criteo.com
2	cm.g.doubleclick.net	2 redirects
2	www.facebook.com	go.behindthemarkets.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	go.behindthemarkets.com connect.facebook.net
2	js.center.io	go.behindthemarkets.com js.center.io
2	fonts.googleapis.com	go.behindthemarkets.com client
2	static.leadpages.net	go.behindthemarkets.com static.leadpages.net
1	d.turn.com	1 redirects
1	r3.visualwebsiteoptimizer.com	dev.visualwebsiteoptimizer.com
1	c.bing.com
1	sync-criteo.ads.yieldmo.com
1	cdn.stickyadstv.com
1	ads.stickyadstv.com	1 redirects
1	criteo-partners.tremorhub.com
1	jadserve.postrelease.com
1	i6.liadm.com
1	match.sharethrough.com
1	rtb-csync.smartadserver.com
1	sync-t1.taboola.com
1	criteo-sync.teads.tv
1	trends.revcontent.com
1	s.ad.smaato.net
1	contextual.media.net
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	cw.addthis.com
1	sync.outbrain.com
1	sp.analytics.yahoo.com
1	ads.yahoo.com
1	idsync.rlcdn.com
1	www.google.de	go.behindthemarkets.com
1	www.google.com	go.behindthemarkets.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	widget.us.criteo.com	go.behindthemarkets.com
1	sslwidget.criteo.com	1 redirects
1	static.criteo.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagmanager.com	go.behindthemarkets.com
1	embed.lpcontent.net	go.behindthemarkets.com
1	www.behind-the-markets.com	go.behindthemarkets.com
1	go.behindthemarkets.com
1	www.clkmg.com	1 redirects
1	www.checkerlinkery.com	1 redirects
1	links.b.incomeinvestinginsider.com	1 redirects
144	61

This site contains links to these domains. Also see Links.

Domain
behindthemarkets.com

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2021-12-06` - `2022-03-06`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2022-01-04` - `2022-04-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
partners.digitaloj.com Go Daddy Secure Certificate Authority - G2	`2021-06-25` - `2022-01-14`	7 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
embed.lpcontent.net GTS CA 1D4	`2022-01-01` - `2022-04-01`	3 months	crt.sh
*.center.io Go Daddy Secure Certificate Authority - G2	`2021-11-22` - `2022-12-24`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-11` - `2022-03-10`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-22` - `2022-01-20`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-04` - `2022-05-04`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
*.leadpages.io Go Daddy Secure Certificate Authority - G2	`2021-10-22` - `2022-11-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-07` - `2022-02-23`	2 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2021-10-24` - `2022-11-24`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
s.ad.smaato.net Amazon	`2021-09-21` - `2022-10-20`	a year	crt.sh
revcontent.com Amazon	`2021-08-09` - `2022-09-07`	a year	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.postrelease.com Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.ads.yieldmo.com Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh

This page contains 4 frames:

Primary Page: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Frame ID: 4845248258B542E58DED0685EBD5983D
Requests: 109 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: B97F07C244162116BB9EBF1B62B8AB19
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: 7E2BC862D4344586DBD777EE6E0841A2
Requests: 2 HTTP requests in this frame

Frame: https://idsync.rlcdn.com/397596.gif?partner_uid=fdCxHBvIh-kE1gyJ0Mk_gWj8ANxbq7ay
Frame ID: B62834DE7E242F737D92E70AF45DCA7A
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

World War 5G

Page URL History Show full URLs

https://links.b.incomeinvestinginsider.com/u/click?_t=c614a742f4a34122bca75572539fab42&_m=39ed9ecb4e514b92997ebe0d3803a... HTTP 303
https://www.checkerlinkery.com/0111/discofatigue@gmail.com/incomeinvestinginsider.com/B/BTSL8 HTTP 302
http://www.clkmg.com/ruslancube/0111/discofatigue@gmail.com/incomeinvestinginsider.com/B/BTSL8 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=discofatigue@gmail.com&sub2=incomeinvestinginsider.com&su... HTTP 302
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm... Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

144
Requests

90 %
HTTPS

0 %
IPv6

50
Domains

61
Subdomains

52
IPs

7
Countries

1773 kB
Transfer

4887 kB
Size

73
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://behindthemarkets.com/p/terms
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://behindthemarkets.com/p/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links.b.incomeinvestinginsider.com/u/click?_t=c614a742f4a34122bca75572539fab42&_m=39ed9ecb4e514b92997ebe0d3803a43b&_e=n7MKMVrtLheivhu9Ra9BgFpe-Nxmz6MCEoEJpMoCMSTwEaPjzXT13fgxz74RwxDmxXIwu-p5up_tQCUSJmCGxya5Qkue44VyO9FmaOZ5jsk0lzsddb2pVuxboxl00Ub_GMIf8hmhRV4T_esL-A7tXokdBYeA8C_JhNl2wvgOlMTWVdbFjsy7-4dc0BYWro5AgsAENH0X6FYuptHyKKvGBTLK6hgYjmSMHn7C6T9U4Ok2kBI2NoP30FaCUYz_hFG148CYh3On_bzFZZhLBEGf0lB0OV3PWdjWPeCHF3a9PMF2giwF0GD4214jDuN4zWtNJPdxNarSvdA4cGoUWI9Dtk9TZJf6ouwFEYq8KJcrsSE= HTTP 303
https://www.checkerlinkery.com/0111/discofatigue@gmail.com/incomeinvestinginsider.com/B/BTSL8 HTTP 302
http://www.clkmg.com/ruslancube/0111/discofatigue@gmail.com/incomeinvestinginsider.com/B/BTSL8 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=discofatigue@gmail.com&sub2=incomeinvestinginsider.com&sub3=B&sub4=BTSL8&sub5= HTTP 302
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://sslwidget.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=0ppC4l80VVglMkZaekxldHY4T3lnTTg4bkhvZ2NyZkt5dUJ0V0NqR0Zneng4Q1IyZDFWJTJGMGpHMWl3MDJWUXNDJTJGWWpyUzVOTU5yWlVqWk5nd3FQeDFSSlAzWTNpNHR4bm5mZ2U0JTJGT2tMeVNqdzhFbGs3YkNXVGgzcnBRU25mdnYlMkZIcW5BSVpiWTNXRW90Q2clMkIxWWFXVDhMSHl3akwwN2xtbndFWkFvOVNKSldpOTRDakElM0Q&tld=behindthemarkets.com&dtycbr=19877 HTTP 302
https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=0ppC4l80VVglMkZaekxldHY4T3lnTTg4bkhvZ2NyZkt5dUJ0V0NqR0Zneng4Q1IyZDFWJTJGMGpHMWl3MDJWUXNDJTJGWWpyUzVOTU5yWlVqWk5nd3FQeDFSSlAzWTNpNHR4bm5mZ2U0JTJGT2tMeVNqdzhFbGs3YkNXVGgzcnBRU25mdnYlMkZIcW5BSVpiWTNXRW90Q2clMkIxWWFXVDhMSHl3akwwN2xtbndFWkFvOVNKSldpOTRDakElM0Q&tld=behindthemarkets.com&dtycbr=19877

Request Chain 94

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397596.gif?partner_uid=fdCxHBvIh-kE1gyJ0Mk_gWj8ANxbq7ay

Request Chain 95

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1valRfSXZic0dELXVJeTBjMk1zNjgweUc3Vll1dHRvUEpXdWZYZw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay1valRfSXZic0dELXVJeTBjMk1zNjgweUc3Vll1dHRvUEpXdWZYZw&google_tc= HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Request Chain 96

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-ojT_IvbsGD-uIy0c2Ms680yG7VYuttoPJWufXg&custom=&tag_format=img&tag_action=sync&custom=&cb=87733797-a981-465a-8a74-e623cb3ac4c9 HTTP 302
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-ojT_IvbsGD-uIy0c2Ms680yG7VYuttoPJWufXg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=87733797-a981-465a-8a74-e623cb3ac4c9&final=true&reqid=36b59cc0-7445-11ec-85eb-ef7e273bfbed&timestamp=2022-01-13T07%3A48%3A36.108Z

Request Chain 99

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-aiJURvbsGD-uIy0c2Ms680yG7VYDUvOb8dPhYA HTTP 302
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-aiJURvbsGD-uIy0c2Ms680yG7VYDUvOb8dPhYA&verify=true

Request Chain 103

https://secure.adnxs.com/setuid?entity=52&code=k-oiaQDfbsGD-uIy0c2Ms680yG7VZthRanon2bBw&seg=95287 HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-oiaQDfbsGD-uIy0c2Ms680yG7VZthRanon2bBw%26seg%3D95287

Request Chain 105

https://eb2.3lift.com/xuid?mid=2711&xuid=k-DDRBO_bsGD-uIy0c2Ms680yG7VY0qTw17R9p4w&dongle=013b HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-DDRBO_bsGD-uIy0c2Ms680yG7VY0qTw17R9p4w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

Request Chain 107

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-6Zhg0PbsGD-uIy0c2Ms680yG7Vai5StfO5cYDA HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-6Zhg0PbsGD-uIy0c2Ms680yG7Vai5StfO5cYDA&C=1

Request Chain 109

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-wm3KyvbsGD-uIy0c2Ms680yG7VbY2nGJ6U01fw&expires=30&user_group=5 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-wm3KyvbsGD-uIy0c2Ms680yG7VbY2nGJ6U01fw&expires=30&user_group=5

Request Chain 115

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-Z-1UF_bsGD-uIy0c2Ms680yG7VYgk_TlVcF_sA HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-Z-1UF_bsGD-uIy0c2Ms680yG7VYgk_TlVcF_sA

Request Chain 116

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA HTTP 303
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA&_li_chk=true&previous_uuid=1298240cea60498db8933fa981c55597 HTTP 303
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA

Request Chain 118

https://pixel.advertising.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1&apid=UP36f9aab4-7445-11ec-bb0e-0680aff4cac6

Request Chain 120

https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-PUFUJfbsGD-uIy0c2Ms680yG7VYojtdPjFos9Q&redirectId=69 HTTP 302
https://cdn.stickyadstv.com/one-shot/empty.gif

Request Chain 125

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/iZcTq3vSe5BpF8Rw36Up7qmZdTwp8U7M/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2541928525566074600

144 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go.behindthemarkets.com/btm-5g-arrow-sandia/
Redirect Chain

https://links.b.incomeinvestinginsider.com/u/click?_t=c614a742f4a34122bca75572539fab42&_m=39ed9ecb4e514b92997ebe0d3803a43b&_e=n7MKMVrtLheivhu9Ra9BgFpe-Nxmz6MCEoEJpMoCMSTwEaPjzXT13fgxz74RwxDmxXIwu-p...
https://www.checkerlinkery.com/0111/discofatigue@gmail.com/incomeinvestinginsider.com/B/BTSL8
http://www.clkmg.com/ruslancube/0111/discofatigue@gmail.com/incomeinvestinginsider.com/B/BTSL8
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=discofatigue@gmail.com&sub2=incomeinvestinginsider.com&sub3=B&sub4=BTSL8&sub5=
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82

301 KB
49 KB

693ms
323ms

Document
text/html

35.202.21.90
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

718376d4fdf85b7910071d6196e4e14cd2972f90ec70e622cc5892e65ada124d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 13 Jan 2022 07:48:33 GMT
content-type: text/html
vary: Accept-Encoding
etag: W/"3ac793da544d6e85ae4bf2804132f3da"
last-modified: Thu, 06 Jan 2022 15:43:56 GMT
x-cache: MISS, HIT
cache-control: no-cache
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br

Redirect headers

date: Thu, 13 Jan 2022 07:48:33 GMT
content-type: text/html; charset=utf-8
location: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
vary: Origin
x-eflow-request-id: df496ce8-aaf1-4a67-8afa-7897bf63cab1
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFUUE3GBZ0kSS8kHiALyv%2BLbgyN8%2Fo0kXTa6FvoS5K2ovVbLXMlyk4IcLfQCax7YQwNP%2B%2FZbNq8Bgms4DExmnOzgINtlRCRcdktVA0VhhXf43UXwzbirv20vUtLqSv%2BWOkY4lBAGoZvCKjiuVACY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ccd05d9cfaaf2b8-WAW
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
14 KB 207ms
66ms Stylesheet
text/css 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 14:02:05 GMT
content-encoding: gzip
server: Google Frontend
age: 236789
etag: "uPB0kA"
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: ec4b429aff45fc0c2f830d96b00420ea
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 14628
via: 1.1 google
expires: Tue, 10 Jan 2023 14:02:05 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 204ms
74ms Stylesheet
text/css 216.58.212.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f10.1e100.net

Software

ESF /

Resource Hash

1b0a8b83386af99b99eeeea1f50deddabbbc2a70d324c7ed466fc4399d31e3b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 06:14:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 13 Jan 2022 07:48:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Jan 2022 07:48:34 GMT

GET
H2 200 everflow.js Show response
www.behind-the-markets.com/scripts/sdk/ 58 KB
18 KB 323ms
167ms Script
text/javascript 34.120.142.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behind-the-markets.com/scripts/sdk/everflow.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.142.1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 1.142.120.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: e84d4e24-1dbc-4473-8a09-c6e3985a7b8d
alt-svc: clear

GET
H2 200 AQ5VUH0Nj14Mgaeh1JQWi7IerYk_Qp25RCGdYpoSG3G65ryIg9qYk1-B59c270Q4CLJd4bexRVFR7E1Dag4g=s0
lh3.googleusercontent.com/ 45 KB
46 KB 463ms
337ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AQ5VUH0Nj14Mgaeh1JQWi7IerYk_Qp25RCGdYpoSG3G65ryIg9qYk1-B59c270Q4CLJd4bexRVFR7E1Dag4g=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

7bd10dcd45b27f8c416e2963cbec082c8beb2b653a0002d67bf0857b2db95c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46568
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w16
lh3.googleusercontent.com/ 988 B
1 KB 68ms
68ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

ba398c4073f3dde850f04637918764494bad50499536ad1781113c66ec325eae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 988
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w16
lh3.googleusercontent.com/ 3 KB
4 KB 73ms
64ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

f962a0a8539cb44fb06a4494ffc65fa38369085603acf1a4b96adb8fb164e0d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3560
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 09 Jan 2022 11:01:17 GMT

GET
H2 200 TYG-SIkPivIE5orrrQrIgOtWIrd8L7hXmRVfJmUGMzWvkFEK8SJ843iruoRXWwSOKm9PTjBNWclEGepvwB1m=w16
lh3.googleusercontent.com/ 3 KB
4 KB 121ms
111ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TYG-SIkPivIE5orrrQrIgOtWIrd8L7hXmRVfJmUGMzWvkFEK8SJ843iruoRXWwSOKm9PTjBNWclEGepvwB1m=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

b3fdac93d880353fc983f82b9ed6fa62e54d755e05c1ee51020d98e95e35cb1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3563
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 6myFPUmx_vo2b82wPBofB04jE0A4gUoQ-2fFegRtVv--YqAD5NK5VSEJMIzKJHUV2Co96Fzc2zm7SxWs6WS1eXo=w16
lh3.googleusercontent.com/ 371 B
433 B 76ms
67ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/6myFPUmx_vo2b82wPBofB04jE0A4gUoQ-2fFegRtVv--YqAD5NK5VSEJMIzKJHUV2Co96Fzc2zm7SxWs6WS1eXo=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

f99dac30c7093e8b1c2689aef392938701193512f32b6a919249821c6ba5a353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 371
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 nY0taz2--WWs6OFQDTSywKwMQ6DSZgLRZyH-x1oSMA81PwJQeNsr4p6WuxhL-TJM7iD7alDVt1larTI6sKUB7Q=w16
lh3.googleusercontent.com/ 4 KB
4 KB 122ms
113ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/nY0taz2--WWs6OFQDTSywKwMQ6DSZgLRZyH-x1oSMA81PwJQeNsr4p6WuxhL-TJM7iD7alDVt1larTI6sKUB7Q=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

96ad5f56a00803d62c47a3d21d9017916e470ab35935361f0f822af42d559d62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3598
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0
lh3.googleusercontent.com/ 26 KB
26 KB 77ms
67ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26391
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 21:09:39 GMT

GET
H2 200 _x-gHJ-aGYkeRc1NWopMbRlCWSQGhtjX4HGUpZu9ytTeHF1njf4pswrGxQpUmFdsYU_G8lUCoNvDBIQmiVlPNcc=w16
lh3.googleusercontent.com/ 4 KB
4 KB 127ms
118ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_x-gHJ-aGYkeRc1NWopMbRlCWSQGhtjX4HGUpZu9ytTeHF1njf4pswrGxQpUmFdsYU_G8lUCoNvDBIQmiVlPNcc=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

73c42500e4af90ca921ec406fd0cb6af6a43fe78d1eda3de7d655aa215565a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3594
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 e61vc2JIp4aDz2gLNZyUwUYw8MnRuJCZJVA4wAXQU0yyDdI7x5LIulZihIch2VM6h5Lju7t_YUb9m8HyBTr4dg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 311ms
303ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e61vc2JIp4aDz2gLNZyUwUYw8MnRuJCZJVA4wAXQU0yyDdI7x5LIulZihIch2VM6h5Lju7t_YUb9m8HyBTr4dg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

e17f0091bbce5eb0f3a8b1dd678af32261ad748c55714bb69cafa60c0be90489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 8Gnfn0msMSt74DBVKaEf6nfEaikytFY4aY6Eyq_CbaVEvIpCTZiWhm4VJ_VcoFkQ3vr5I9nf83QW5yPVwyPkXg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 197ms
189ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/8Gnfn0msMSt74DBVKaEf6nfEaikytFY4aY6Eyq_CbaVEvIpCTZiWhm4VJ_VcoFkQ3vr5I9nf83QW5yPVwyPkXg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

7ddf07e39d31b21a32b5a04ed372affc2622e4cb8faa706f17bb91178c3e2d76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3596
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 O7WsSQohc9dtDn5dYay1RhrvymCogFg7Tp8VmR7adUk9M-nHdHIr4NO2oZ0inQ4CUoUVWEl2aUadPa_9F3l28A=w16
lh3.googleusercontent.com/ 4 KB
4 KB 264ms
257ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/O7WsSQohc9dtDn5dYay1RhrvymCogFg7Tp8VmR7adUk9M-nHdHIr4NO2oZ0inQ4CUoUVWEl2aUadPa_9F3l28A=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

e99b1332226c6486a8a20ed70dabcb018e623a70cca29e202a48d653a486161c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 fyRqwcDnIibGy3o7IqvRbsTOLREQrtdPL3l3jepDEXw7wgcxDUl36Y1TOwtQmuyPROeiDvqrZRSJnVWd0fRa=w16
lh3.googleusercontent.com/ 1 KB
1 KB 317ms
310ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fyRqwcDnIibGy3o7IqvRbsTOLREQrtdPL3l3jepDEXw7wgcxDUl36Y1TOwtQmuyPROeiDvqrZRSJnVWd0fRa=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

75a75114a3326f64b66896b4e47f2ebe985c53caab85e17814eaa17ed216005a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1024
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 BjDwHsLmymS2nVWzOsmC-qqAJizm0t7WYi__LBNYx8y0X920MgB2Xek0yTPaFj8AOKYwvU3tKRIUkB-st55uXg=s0
lh3.googleusercontent.com/ 43 KB
43 KB 245ms
238ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/BjDwHsLmymS2nVWzOsmC-qqAJizm0t7WYi__LBNYx8y0X920MgB2Xek0yTPaFj8AOKYwvU3tKRIUkB-st55uXg=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

132ff663ec567f9ae205298aaf3d6d16048f20750616d8b3ea174fdc4cb3ff0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43586
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 NgXG61t76q3vKpGkhuO3Ty72J8rvFyvSRG47iSXVPrUHCcgJhf55_ACxz5jAWP8vQjPdrFvGjGWjMHIH8SrO=w16
lh3.googleusercontent.com/ 4 KB
4 KB 263ms
255ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/NgXG61t76q3vKpGkhuO3Ty72J8rvFyvSRG47iSXVPrUHCcgJhf55_ACxz5jAWP8vQjPdrFvGjGWjMHIH8SrO=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

72b95405e006370e34ac6d7be5f4b185fe0d1058d43b576136d0ac5eddd88562

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 leiJwM0fehZ7GJnjZ3RF4K1wEYqTavDcCW2UwICye682ACJ-uFPSNLw9SBFSofITFP_b-wXkDSWbpBejDhWWdg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 313ms
306ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/leiJwM0fehZ7GJnjZ3RF4K1wEYqTavDcCW2UwICye682ACJ-uFPSNLw9SBFSofITFP_b-wXkDSWbpBejDhWWdg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

6de05c135e09807c1a50d1e68453a011f56ad6797d38712af1534e9343b89346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 tekYqT59tex3u7_KW2vKQ7p1NVn76NHX9FXJrSeD6CrEjhkltn3fw9pXFiNdMqjHzCi39qtXxWSnRS-P_u-u=w16
lh3.googleusercontent.com/ 4 KB
4 KB 311ms
304ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/tekYqT59tex3u7_KW2vKQ7p1NVn76NHX9FXJrSeD6CrEjhkltn3fw9pXFiNdMqjHzCi39qtXxWSnRS-P_u-u=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

fe4a6e0c7220b1a9ce45b621a0e9844db3f75b359050882bcfc3ac2f5bb9ad51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 e3F9X055zl41kZMMX8voWduaoJUNvhyOsAVH9dwhaNY2o0TNuQg5i-ICcJ-oVJEQsnMJB8-zPBDa5YZYhQbOBw=w16
lh3.googleusercontent.com/ 4 KB
4 KB 184ms
177ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e3F9X055zl41kZMMX8voWduaoJUNvhyOsAVH9dwhaNY2o0TNuQg5i-ICcJ-oVJEQsnMJB8-zPBDa5YZYhQbOBw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

d0a6684633c6ab8da1971668ea1691819ac386ff1fe02a5ce18926028a02b726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3603
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 vtqMDLzgHZOOZVOEr15Ir9n3EzJt5gMaYi4YggOL1nq-WRYMPoHbhAfHOYocHhxXiqgpciYJ_FTJxFnPDmNZKA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 314ms
308ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vtqMDLzgHZOOZVOEr15Ir9n3EzJt5gMaYi4YggOL1nq-WRYMPoHbhAfHOYocHhxXiqgpciYJ_FTJxFnPDmNZKA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

ca5e8198626ecded4b40a5e264d6fca7d1b4663db1fdd1032b3755aeb5ccd297

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3600
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 A9m2vigCxUkRSdPxWFO2fx6wQGn0S6H-5Q5RdxEJ1VFyG6FIcmBBtiLsUMNZsZcMHL36jG5rSUUyH8x2p_k-=w16
lh3.googleusercontent.com/ 4 KB
4 KB 198ms
191ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/A9m2vigCxUkRSdPxWFO2fx6wQGn0S6H-5Q5RdxEJ1VFyG6FIcmBBtiLsUMNZsZcMHL36jG5rSUUyH8x2p_k-=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

2e42ee85db205de7ee6b3e254523c734643431764b9bbc87c058e89cf474c5c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3594
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 MJe7EHJPAO6wgcW3Nsb89tFvZI5pFDmomAy4BoMmsivqJwfMU0Zi6GMsouhfIVlIMXtAlKhxm-7A0eMqQhxm1kQ=w16
lh3.googleusercontent.com/ 4 KB
4 KB 229ms
222ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MJe7EHJPAO6wgcW3Nsb89tFvZI5pFDmomAy4BoMmsivqJwfMU0Zi6GMsouhfIVlIMXtAlKhxm-7A0eMqQhxm1kQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

2b89ce6bb6c3037d363dcfa4470f124a6647374c3cce4bdaf0bf07ab001b2464

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 9Ics_1K6PKq9CtKSDHVgud5pwA-8sS-RZjhIis1pVaSYEqkYqzRSqvC08IOdg4pI4R6s6R7egJH8J4rzMHTmf20=w16
lh3.googleusercontent.com/ 4 KB
4 KB 192ms
186ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/9Ics_1K6PKq9CtKSDHVgud5pwA-8sS-RZjhIis1pVaSYEqkYqzRSqvC08IOdg4pI4R6s6R7egJH8J4rzMHTmf20=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

2c0e68c05ab8a290014b40f848b639d52adb1eeaffebe207124f2174f60f7add

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 OFff5EAVQQVU2QxAObZB_PDzvjfcrPVXpGvJgTIVUbOgmughp99vBFa9JHg97uL2Kgiwilck3yzyl3a7_KEl2A=w16
lh3.googleusercontent.com/ 3 KB
4 KB 313ms
307ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OFff5EAVQQVU2QxAObZB_PDzvjfcrPVXpGvJgTIVUbOgmughp99vBFa9JHg97uL2Kgiwilck3yzyl3a7_KEl2A=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

5c3a00eb37ad8e96072e58f6dd7ab2e708ce6406b766d71e207d46ee97aa8512

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3561
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 abQAPI6AZOQHN0aR7dfAOCWgC2ydOCtbriJVzo3PDZIm4pEGHOaPcmTPyeVRHNN7qBxuqlpuAkeU7x3_3pa0HjFAf1yVzGh8lHg=s0
lh3.googleusercontent.com/ 28 KB
28 KB 405ms
399ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/abQAPI6AZOQHN0aR7dfAOCWgC2ydOCtbriJVzo3PDZIm4pEGHOaPcmTPyeVRHNN7qBxuqlpuAkeU7x3_3pa0HjFAf1yVzGh8lHg=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

55f1deb0d20b8ef2b1b728e9c536647f1895355b61bef28abb41eb6dcec41411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28253
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 09 Jan 2022 11:01:27 GMT

GET
H2 200 XtEJ2erPL3329e6piL_frCo-mHblFLj1t6iaRboik1yGovshR1yh3oriE4wTnCZYujRZA0M2WuO2kTzNU9q4GuOLd1IgPk_0Pg=s0
lh3.googleusercontent.com/ 20 KB
21 KB 327ms
320ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XtEJ2erPL3329e6piL_frCo-mHblFLj1t6iaRboik1yGovshR1yh3oriE4wTnCZYujRZA0M2WuO2kTzNU9q4GuOLd1IgPk_0Pg=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

79e703e37d0c5dbedbfad7f3f3c9607a616174a1ce152ff230895cd2062e1f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20964
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 09 Jan 2022 11:01:28 GMT

GET
H2 200 NvgCQWni5zDRr3EKaDSN9UiHbYNhMqlulG7-NZWNeqftQGIykcW4Ke_wq8PW0QwomH9_suRnI97yY-ltZLyVScocKnLoPdjeC2o=s0
lh3.googleusercontent.com/ 30 KB
30 KB 409ms
403ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/NvgCQWni5zDRr3EKaDSN9UiHbYNhMqlulG7-NZWNeqftQGIykcW4Ke_wq8PW0QwomH9_suRnI97yY-ltZLyVScocKnLoPdjeC2o=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

a8eaf699085189552bba8f5057bcf969e3087d39f7830bd20c31a767f47c4dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30776
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 09 Jan 2022 11:01:28 GMT

GET
H2 200 JSGTkDAlJ4brk4ot67-NKL0HtwrkgMOPcSglhblhJKRpE-FePkqJHgYn50dIJfL-OlyQsw4A5iSHLj85EtLRybGPXxLbPu1PaJc=s0
lh3.googleusercontent.com/ 23 KB
23 KB 388ms
382ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JSGTkDAlJ4brk4ot67-NKL0HtwrkgMOPcSglhblhJKRpE-FePkqJHgYn50dIJfL-OlyQsw4A5iSHLj85EtLRybGPXxLbPu1PaJc=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

592e4d1835429b83456573242ac88bb14dac49923173813eeaa78537bb7620f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23305
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 09 Jan 2022 11:01:28 GMT

GET
H2 200 A-nZaVZS7eiJsOYD1iA4s72u_0-KUry9T0MxSfFDW-Y1ZnLFYNOZWPha-9RbbbhCcSkIoUq4zRosq2JCXCN9MjU=s0
lh3.googleusercontent.com/ 11 KB
11 KB 185ms
179ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/A-nZaVZS7eiJsOYD1iA4s72u_0-KUry9T0MxSfFDW-Y1ZnLFYNOZWPha-9RbbbhCcSkIoUq4zRosq2JCXCN9MjU=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

1b54b66edcb0c239350b409ff86ba3195fa5c6455b0251e76d910ba4fc091be1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11370
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 4Ucgojd1zcp6yuO2c_wauKtFgWTowULeUMseH4CrMyondFLM9ja5W1n7Ri43PaIsYCO3tZn9ENQN6NixM7FExjc=w16
lh3.googleusercontent.com/ 470 B
533 B 194ms
189ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/4Ucgojd1zcp6yuO2c_wauKtFgWTowULeUMseH4CrMyondFLM9ja5W1n7Ri43PaIsYCO3tZn9ENQN6NixM7FExjc=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

6d5dce43acba1416db19f39d22d8db0dd7dd366ff39b15ca5f1752e8d7ec5d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 2aQfFx7V0PzCB3KbXxSufzBHIvQk3PeN8oFw7f_2QGIaPk5tYEgK4minX5s9PrNyY5YDcK1AlHQ6ofOs3BSgFa8=s0
lh3.googleusercontent.com/ 11 KB
11 KB 230ms
224ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/2aQfFx7V0PzCB3KbXxSufzBHIvQk3PeN8oFw7f_2QGIaPk5tYEgK4minX5s9PrNyY5YDcK1AlHQ6ofOs3BSgFa8=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

7d5beae7ebc2c7ce5cb8e194dd48e0229ab6f36e09623713865cceaac4bb4b08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11685
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 PwS1lUC3pTSJsQ9h1n9Odg_T2NC6uOiAnzrk4Vrii1mF8jK-A175kIc7009Hfw1o9PP29SA_GsWGWyshxeEZOg=w16
lh3.googleusercontent.com/ 359 B
421 B 169ms
163ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PwS1lUC3pTSJsQ9h1n9Odg_T2NC6uOiAnzrk4Vrii1mF8jK-A175kIc7009Hfw1o9PP29SA_GsWGWyshxeEZOg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

53d57168540bb85fb843de9e649053e8fbf95a30d151b5cc30c7e704b7669a69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 359
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 Mo0R9Kck1-TrUbpY-BtG8gsXL3gIjG3i38himnwoP62f_0ju1o6CqN-IjmHobFiAgOdjMMx2riIYuVDsm1fytQ=s0
lh3.googleusercontent.com/ 11 KB
11 KB 332ms
327ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Mo0R9Kck1-TrUbpY-BtG8gsXL3gIjG3i38himnwoP62f_0ju1o6CqN-IjmHobFiAgOdjMMx2riIYuVDsm1fytQ=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

96fe92f97fc2c54b47fc3a8b6ab7788ea64be5925bfeb8378cf7753b397a2778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11700
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 FpuR4uiuKkfBQT_GxFHYR0FlEFmf_u-p4VfuisNGkerYP9DGW0pNWiu0IrHp1SH2rbgNn2Tj2lyl5z84_X3fAw=w16
lh3.googleusercontent.com/ 372 B
434 B 166ms
161ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/FpuR4uiuKkfBQT_GxFHYR0FlEFmf_u-p4VfuisNGkerYP9DGW0pNWiu0IrHp1SH2rbgNn2Tj2lyl5z84_X3fAw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

b494764a83e1a3fb8c887deedf8c8a87edf40697e45f21a357fcf61d6a55c5c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 372
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 QPG4qMIXZUmQTcJ4D9xgWlLfOBJ2MKL1OO6jkx6_wpV4dGHyQg02zzKQrMc8l2uus8DJQ1Nf55YsRuyeGfBl0Q=w16
lh3.googleusercontent.com/ 4 KB
4 KB 310ms
305ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/QPG4qMIXZUmQTcJ4D9xgWlLfOBJ2MKL1OO6jkx6_wpV4dGHyQg02zzKQrMc8l2uus8DJQ1Nf55YsRuyeGfBl0Q=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

c9944716a10b83ea2b631e2fc091a3f4a289cdf835abcaab5b694065808092f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3595
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 cCFO7yLkSa-ts_arhdZf_aC1sOLc9hLocIvcxiHbbkrrpveLMWcf9C_H_jAEul0gdsfjzRmfW7Gs2vKgBQhr=w16
lh3.googleusercontent.com/ 4 KB
4 KB 238ms
233ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/cCFO7yLkSa-ts_arhdZf_aC1sOLc9hLocIvcxiHbbkrrpveLMWcf9C_H_jAEul0gdsfjzRmfW7Gs2vKgBQhr=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

b7893a230766dd48285139bdfe35565e504f0b3b68cfc856da3dc81db307569a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3590
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 D7z2zipPmglmhTjJwZwKvXJPE-V5Rq132DXiglIwCYAMGbDn_5Rk3nGdchi8DbhhvgV0Xga_xM0HALbQJTsWJg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 199ms
194ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/D7z2zipPmglmhTjJwZwKvXJPE-V5Rq132DXiglIwCYAMGbDn_5Rk3nGdchi8DbhhvgV0Xga_xM0HALbQJTsWJg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

36dc7363f42099049f12e0c5c85c0f016832875021ba68c3d2f83045594ffac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3603
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 vVYmxK2XMUedNe4YRIfjrD_s0BT-rQJSlpuzAkX70jh8ZlmIa6UEsXe9uEj01ByAcEU6BBzoArj1ilGlQaIfNU8=w16
lh3.googleusercontent.com/ 989 B
1 KB 241ms
236ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vVYmxK2XMUedNe4YRIfjrD_s0BT-rQJSlpuzAkX70jh8ZlmIa6UEsXe9uEj01ByAcEU6BBzoArj1ilGlQaIfNU8=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

2dcf66df3032042a56e661d5be35ba4f3af5328d29e4698ee8fd0ba4b88cc932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 989
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 j_BOK0pGtIfJaRfyaVlqkJ4pXPlmfovvMhRTqPSiSOzDb7IUlPTD-jr8gbzx59rEn1f9rWVuzi_6mKak7gBIcg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 212ms
207ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/j_BOK0pGtIfJaRfyaVlqkJ4pXPlmfovvMhRTqPSiSOzDb7IUlPTD-jr8gbzx59rEn1f9rWVuzi_6mKak7gBIcg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

1e843b8b1f0971ce91d1d7e45e35e23dbb6008cdc3a859f9d42e384cf05650fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3635
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 09 Jan 2022 11:01:32 GMT

GET
H2 200 XxHiFvI9dKr750--158mq_MUk86yNI22Sy6M-6moaf52Sf1OySQYP206ajfjJ7ZU7xthndzwAl_S3u1d_mlifg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 168ms
163ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XxHiFvI9dKr750--158mq_MUk86yNI22Sy6M-6moaf52Sf1OySQYP206ajfjJ7ZU7xthndzwAl_S3u1d_mlifg=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

8e689d74f8c13a43ef8a9c23c84db00756e7841b4e5e56267ad7216d8509fabe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3637
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 ibR-_UQ2KTi-8-dRq9XizRZ_OHJJAIukkqinGXXBY_dw40KzH8mN7u3xcdVpOz3BfgSGHdbu4k51Dcq8NGvdfw=w16
lh3.googleusercontent.com/ 4 KB
4 KB 240ms
235ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ibR-_UQ2KTi-8-dRq9XizRZ_OHJJAIukkqinGXXBY_dw40KzH8mN7u3xcdVpOz3BfgSGHdbu4k51Dcq8NGvdfw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

9ca8a06fa36760ac11757bf1454f1a8dfd50150e294520a91e6864d29f7fde8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3590
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 kl8d1RT9PzBbw8I_a2DAJq5k2hQCCoPa4z_JXEd3ob4F3Y8ZZJnQDHjm-vf1CSpDz8GGu3KjjTGBrXoDDmR-tA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 253ms
249ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/kl8d1RT9PzBbw8I_a2DAJq5k2hQCCoPa4z_JXEd3ob4F3Y8ZZJnQDHjm-vf1CSpDz8GGu3KjjTGBrXoDDmR-tA=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

b860877347b5fb701c185e3040e04fecca7506822e712f1a8074554ef513925d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3633
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 KNxVkBE3HuxDJCQRRN0d5xhxT1HvdQWWdDnL6V__s4PKXbWyzHa-vjT3YJ3ffPEhr4BFVPT_jFY-vwJ911Pvgg=s0
lh3.googleusercontent.com/ 40 KB
40 KB 213ms
208ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KNxVkBE3HuxDJCQRRN0d5xhxT1HvdQWWdDnL6V__s4PKXbWyzHa-vjT3YJ3ffPEhr4BFVPT_jFY-vwJ911Pvgg=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

94052c1920fe8b6b2e791f362c8a4247e50f0abcab5e61225d3f3a2414c73a43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40953
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 xcKH-psfmH3qKpC_YGzD-RPgBOp44oRUHeUCTLvbu5SPEQgqSHJe30QmAiO1S89OPrP3HazPzNmXkx08sYax=w16
lh3.googleusercontent.com/ 3 KB
4 KB 313ms
309ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/xcKH-psfmH3qKpC_YGzD-RPgBOp44oRUHeUCTLvbu5SPEQgqSHJe30QmAiO1S89OPrP3HazPzNmXkx08sYax=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

3705afa2ba67e76379c851b704bb0db8ed87656a819209c28b63d2321343fcd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3558
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 09 Jan 2022 11:01:34 GMT

GET
H2 200 jFaEUoP8X9vaRZw6RGfJQkvUEoyN77j7jL1a2A3D7fDmi2T1hVfFiosQx1fVTMbE11R78C2crAdZN4U6jb2qpw=w16
lh3.googleusercontent.com/ 609 B
672 B 212ms
208ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/jFaEUoP8X9vaRZw6RGfJQkvUEoyN77j7jL1a2A3D7fDmi2T1hVfFiosQx1fVTMbE11R78C2crAdZN4U6jb2qpw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

64369b56b87a6a6a37ce6c800d296e77b379c49fff9cb2a556c5f8ad3ccb4b36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 609
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 elbvmbwpfj9i1ySvIdthV664QtJNM-G-UCu-3dvhJWkwIH6Uk9jTHUmHcFymUPuRYw8IJ_5JK7VzfDGUtVIC=w16
lh3.googleusercontent.com/ 3 KB
4 KB 258ms
253ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/elbvmbwpfj9i1ySvIdthV664QtJNM-G-UCu-3dvhJWkwIH6Uk9jTHUmHcFymUPuRYw8IJ_5JK7VzfDGUtVIC=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

fdeca2cfc516555aacf01d48f855898eaddc3467cbb92d8b8e30e91a61a3e409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3565
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 IefkQHAicGwTOCYg6VK3TQ6XWkKQJ_p70pZapTxpg24fxFMlOgigjkKOrxOisX-416NhZm87f4g8VdXFlfSgaQ=w16
lh3.googleusercontent.com/ 4 KB
4 KB 223ms
219ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/IefkQHAicGwTOCYg6VK3TQ6XWkKQJ_p70pZapTxpg24fxFMlOgigjkKOrxOisX-416NhZm87f4g8VdXFlfSgaQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

908362cc3d83780a006474ebea417be9ff9e9f92175e4295c990747e211507d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3759
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 hhvF0o8vq1JU8Su47GsC5kYltqwZopzco6fj8KYORAgpWwoAG_g1_T7C48ffpWXbrKQZ4E4DJNDLdCqyljY-=w16
lh3.googleusercontent.com/ 1001 B
1 KB 168ms
164ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/hhvF0o8vq1JU8Su47GsC5kYltqwZopzco6fj8KYORAgpWwoAG_g1_T7C48ffpWXbrKQZ4E4DJNDLdCqyljY-=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

38ce40f41757c9b666dbd3594af6fb2a4910f7521da1d65e697af42e6cdad7d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1001
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 uHBZZEw-Dy6jrRw8PLd2KK4ileLESptFfgRyi_eWfQSJO7O5awMFsWXdZDXBbzJFjnIdD_-KtmJytRYsFDXCc5Q=w16
lh3.googleusercontent.com/ 992 B
1 KB 260ms
256ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/uHBZZEw-Dy6jrRw8PLd2KK4ileLESptFfgRyi_eWfQSJO7O5awMFsWXdZDXBbzJFjnIdD_-KtmJytRYsFDXCc5Q=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

cdf6aa48e94cc037d933692c5de29571fe81e66b73a9cc57f82614dcd25806a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 992
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 HDRZ7c0fpyrR3bPB7JuIhUELHJefeLGMFgyW2C8gvyJbxP-7kNCkwm_t9dj6walSbl6mVxQG-Rl7AnG6oM2e=w16
lh3.googleusercontent.com/ 1003 B
1 KB 239ms
234ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HDRZ7c0fpyrR3bPB7JuIhUELHJefeLGMFgyW2C8gvyJbxP-7kNCkwm_t9dj6walSbl6mVxQG-Rl7AnG6oM2e=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

c99e1eaa85d260995d9712261a68944fbf1501210fc0b72fd69286218c58a39e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1003
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H2 200 69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16
lh3.googleusercontent.com/ 402 B
484 B 169ms
166ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 24 Dec 2021 11:07:26 GMT

GET
H2 200 ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0
lh3.googleusercontent.com/ 22 KB
22 KB 170ms
166ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22076
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 12 Dec 2021 05:30:51 GMT

GET
H2 200 e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16
lh3.googleusercontent.com/ 402 B
487 B 159ms
156ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:14:04 GMT
x-content-type-options: nosniff
age: 2070
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 22:11:20 GMT

GET
H2 200 ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0
lh3.googleusercontent.com/ 39 KB
39 KB 126ms
122ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:14:04 GMT
x-content-type-options: nosniff
age: 2070
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39437
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 18:01:43 GMT

GET
H2 200 embed.js Show response
embed.lpcontent.net/leadboxes/current/ 42 KB
15 KB 173ms
59ms Script
application/javascript 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:44:22 GMT
content-encoding: gzip
server: Google Frontend
age: 252
etag: "uPB0kA"
content-type: application/javascript
access-control-allow-origin: *
x-cloud-trace-context: eb4cc27b69736973d21ac3520494bb0a
cache-control: public, max-age=300
alt-svc: clear
content-length: 14811
via: 1.1 google
expires: Thu, 13 Jan 2022 07:49:22 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 243ms
74ms Script
application/javascript 216.58.214.19
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.214.19 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lhr26s05-in-f19.1e100.net
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:44:02 GMT
content-encoding: gzip
server: Google Frontend
age: 272
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: b1e20e4069484dd2f87269a272a7a7ff
cache-control: public, max-age=300
content-length: 5417
expires: Thu, 13 Jan 2022 07:49:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 159 KB
53 KB 212ms
97ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

ceca530b4469b61248174fd4111890059c196cd579dc3d6351aa0a5199a2e78f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53783
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 13 Jan 2022 07:48:34 GMT

GET
H2 200 iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=s16
lh3.googleusercontent.com/ 406 B
468 B 303ms
303ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=s16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

48e6569cf06d8b950da3926d80fe1528f7ebaf32cd060d43ee3d79a722cb5387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 406
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v40/ 31 KB
32 KB 210ms
72ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v40/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 03:21:25 GMT
x-content-type-options: nosniff
age: 102429
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31624
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:16:38 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 03:21:25 GMT

GET
H2 200 fa-solid-900.woff2
static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/ 78 KB
79 KB 164ms
62ms Font
font/woff2 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by: Host: static.leadpages.net
URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

Request headers

Referer: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 20:22:45 GMT
via: 1.1 google
server: Google Frontend
age: 2287549
etag: "uPB0kA"
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: c7e61468bcda568830c920a754a71316
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 80148
expires: Sat, 17 Dec 2022 20:22:45 GMT

GET
H2 200 iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=w1600
lh3.googleusercontent.com/ 149 KB
149 KB 238ms
238ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=w1600

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

7b93501d3965ccc6d249f71312e04eebbab373bf305e1af92c2c668dd6eb3bdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 152335
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w470
lh3.googleusercontent.com/ 123 KB
123 KB 137ms
136ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w470

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

d6c652b770391aba1eb4c71ad06b1b858ee1f8d13152aef29cab9cd2f4e3c2b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126204
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 11 Jan 2022 07:26:19 GMT

GET
H2 200 vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w696
lh3.googleusercontent.com/ 44 KB
44 KB 120ms
119ms Image
image/jpeg 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w696

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

fife /

Resource Hash

255f497324a8823e617af3b9135771124c5a124b3d2d77ddae68e9b6a780d049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44913
x-xss-protection: 0
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame B97F 4 KB
2 KB 83ms
83ms Document
text/html 216.58.214.19
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.58.214.19 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lhr26s05-in-f19.1e100.net
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/

Response headers

x-cloud-trace-context: b8441d472f023be1ae80efff5e24254a
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Thu, 13 Jan 2022 07:46:08 GMT
expires: Thu, 13 Jan 2022 07:51:08 GMT
cache-control: public, max-age=300
age: 146
etag: "OMWYXg"
content-type: text/html

GET
H3 200 everflow.js Show response
www.behindthemarkets-btm.com/scripts/sdk/ 58 KB
19 KB 376ms
280ms Script
text/javascript 104.21.85.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.85.245 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
via: 1.1 google
cf-cache-status: MISS
last-modified: Thu, 13 Jan 2022 07:48:34 GMT
server: cloudflare
x-eflow-request-id: f6ab52d3-daeb-4c61-8cfa-a0941c0dafdd
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cokGRsHJDrpunGk%2B55Mr8doQnaTi%2FthqotHllGmgMIPoq7yZobKzEb1HfH9Nn3MSS%2Fp2z9Wae0%2B4mDfEyr8AtHieDBEYackQI0qP1KuS6iHLYSWuI9ryUMmfsu2V2xej%2FLDouzrp7n5z3qyuswh6"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
content-encoding: br
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ccd05e56ecbf298-WAW
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 207ms
73ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-frx5.fbcdn.net

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: WsLOV1Ka6KA7s+yi3uRWM+OA1/UBA6R412JoG9dfdQnHUarmy43jU/gSZvI14J2yNlKd/uGC9vKzKmoV1snHcA==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Thu, 13 Jan 2022 07:48:34 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ld.js Show response
static.criteo.com/js/ld/ 40 KB
13 KB 314ms
139ms Script
text/javascript 178.250.2.130
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.com/js/ld/ld.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

4758ffc00e2d3413aece1a57fc3e89b9709202312386d57eb74b5c198cf6800e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: gzip
last-modified: Tue, 14 Dec 2021 12:51:58 GMT
server: nginx
etag: W/"61b8936e-9faf"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 14 Jan 2022 07:48:34 GMT

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 232ms
84ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 6V04VEP09M3V7PCM
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:08:35
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: LD9d8nA+10ZcDA41fXBnusNwbVsqtA5GvLE13ZX0//7Jsd+r/kTyz08r/oetE3yQMFnMJUSaNes=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 18:00:01 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=600
cdn-requestid: 32b8865b88e3248d6a6534a030155c9a
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 7 KB
3 KB 240ms
87ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Db48b631f4ef748379b3ca7090e8d1b8c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Ddiscofatigue%2540gmail.com%26iocid%3D%26aff%3D82&f=1&r=0.489866935079839
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 46110fec7569660d11ee0a5e105369adf163ed9f64381085abbe5c63b0af92ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 Jan 2022 07:48:34 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
684 B 532ms
190ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=hZGr8CiB4GvxgUHU6eUyhA&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=wxZ2RwEBebcRs2zoJcfhFV&sid=uertQbZve6rfAZSp5Mf5Jw&cid=lp-hZGr8CiB4GvxgUHU6eUyhA&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Db48b631f4ef748379b3ca7090e8d1b8c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Ddiscofatigue%2540gmail.com%26iocid%3D%26aff%3D82&rf=&rx=1600&ry=1200&tz=%2B00%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:35 GMT
Server: Stargate
access-control-max-age: 600
X-Forwarded-For: 45.141.152.68
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
x-request-id: 0240o1d3qvn7hkh0fljg

GET
H3 200 3070500746422546 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 194ms
128ms Script
application/x-javascript 185.60.216.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/3070500746422546?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-frx5.fbcdn.net

Software

Resource Hash

5fac5fb8dc418f1b927e0409ee7811fb8debdfb308fbc17ae786f7ca5f4b4219

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: pZLz0v3cYLfOOfIMAQEQcBnMXuDLZAqQz6AG/z6ZEhwtc925fJxgMnsn6hSIqYFVWNAzOg+VlCadpdRt8CqoEA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 13 Jan 2022 07:48:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 75ms
75ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: VCA1R2SZ4AWX0CTB
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:11:05
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: N5LBiQCmx8INUmh5vdqUvePSAVCk04hbGdF2qHFAG55v10/okwGZRElvAdTsY+0nfPBXhILm+ng=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:40 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d324b5f3b734fdbc111ec127c33b35f5
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 66ms
65ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: KEF06V07KQC2F98P
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 12:57:02
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: obBXz3NI+1lqoBohXjDcXOB+eq7MgUirNEE1ZVj6gUxdX/qkMBTzp0dtxgvZc9BTtR0lmkekRbU=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:40 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 75da9631b2d42f27ce41631be86efea3
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 tag-635c68fdc7bc8ea2a1d7f1a249831d6e.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ 166 KB
47 KB 160ms
83ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-635c68fdc7bc8ea2a1d7f1a249831d6e.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Db48b631f4ef748379b3ca7090e8d1b8c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Ddiscofatigue%2540gmail.com%26iocid%3D%26aff%3D82&f=1&r=0.489866935079839
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 36f8ebc269337df3e2eee25ca04fe31515673e3f527224fe07d957a6da2f36b0

Request headers

Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: br
last-modified: Wed, 12 Jan 2022 13:54:53 GMT
server: gfra1
etag: "61deddad-badd"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47837
via: 1.1 google

GET
H3 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 249ms
171ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=601261&d=go.behindthemarkets.com&u=D5CC041F6F4BB3EFF99DC1D9F0DC4DFC3&h=76adfaabda2808b73d8d55e0a5044f2f&t=false&r=0.09345606658316119

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:34 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
446 B 505ms
161ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=mn9i6FFyNGmF5KvEfZXJWh&kind=timer&label=lb_embed_embed_script_load&value=410
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:35 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 45.141.152.68
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 600
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 02413d30vqjrqv34bcs0
access-control-expose-headers: LP-Security-Token

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 236ms
74ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 821
date: Thu, 13 Jan 2022 07:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 13 Jan 2022 09:34:54 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7E2B 9 KB
4 KB 233ms
75ms Document
text/html 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: static.criteo.com
URL: https://static.criteo.com/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

133be2ab152b1c9f408e9a597430361539cf3b8255a0a92f8a8a8a885e079702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2048
date: Thu, 13 Jan 2022 07:48:34 GMT
content-length: 4161
strict-transport-security: max-age=31536000; preload;

GET
H3 200 tag-461d8e92f1343c6807e35b6821d956e0.js Show response
dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/ 99 KB
26 KB 80ms
80ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/tag-461d8e92f1343c6807e35b6821d956e0.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-635c68fdc7bc8ea2a1d7f1a249831d6e.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 76808fdce8c1369070eca797e601282535eaab85bebf2bcce41ffd84c50d4c35

Request headers

Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: br
last-modified: Wed, 12 Jan 2022 13:54:53 GMT
server: gfra1
etag: "61deddad-65e4"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26084
via: 1.1 google

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 1 KB
769 B 97ms
96ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=601261&settings_type=1&vn=7.0&r=0.8270070122650546&exc=2|3
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-635c68fdc7bc8ea2a1d7f1a249831d6e.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 3781c3ed74cc05814348962bb5af29842c7c12c253ce809dee9ce9f2327afd4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H3 200 worker-70faafffa0475802f5ee03ca5ff74179.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 47 KB
13 KB 76ms
76ms XHR
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-635c68fdc7bc8ea2a1d7f1a249831d6e.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: br
last-modified: Wed, 12 Jan 2022 13:54:53 GMT
server: gfra1
etag: "61deddad-351f"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13599
via: 1.1 google

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 152ms
152ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=601261&u=D5CC041F6F4BB3EFF99DC1D9F0DC4DFC3&s=1642060114&p=1&ed=%7B%22tz%22%3A%22Etc%2FUnknown%22%2C%22tO%22%3A%220%22%2C%22lt%22%3A%221642060115263%22%2C%22r%22%3A%22%22%2C%22ul%22%3A%22en-us%22%2C%22de%22%3A%22UTF-8%22%2C%22sc%22%3A%2224%22%2C%22sr%22%3A%221600x1200%22%7D&cu=https%253A%252F%252Fgo.behindthemarkets.com%252Fbtm-5g-arrow-sandia%252F%253F_ef_transaction_id%253Db48b631f4ef748379b3ca7090e8d1b8c%2526utm_source%253D82%2526utm_campaign%253D%2526utm_medium%253D%2526id%253Ddiscofatigue%252540gmail.com%2526iocid%253D%2526aff%253D82&r=0&cq=1&vn=7.0.189&vns=undefined&vno=4.0.124&eTime=1642060114264&random=0.4511930807304918

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:34 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 189ms
59ms Image
image/gif 31.13.64.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=PageView&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Db48b631f4ef748379b3ca7090e8d1b8c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Ddiscofatigue%2540gmail.com%26iocid%3D%26aff%3D82&rl=&if=false&ts=1642060115293&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1642060115291.1949074465&it=1642060114885&coo=false&exp=p1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.64.35 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-amt2.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 13 Jan 2022 07:48:35 GMT

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 7E2B 460 B
557 B 60ms
60ms Fetch
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

50db2374eb03bf94328679ff6ad7c95541ec88f2426b237ca7a09d8e31a531d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:34 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 4483
strict-transport-security: max-age=31536000; preload;
expires: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 126ms
51ms XHR
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=917014343&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Db48b631f4ef748379b3ca7090e8d1b8c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Ddiscofatigue%2540gmail.com%26iocid%3D%26aff%3D82&ul=en-us&de=UTF-8&dt=World%20War%205G&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=457721638&gjid=1634229912&cid=611629484.1642060115&tid=UA-102395123-1&_gid=822932479.1642060115&_r=1&gtm=2wg1a0WNRH3TX&cd1=82&cd2=b48b631f4ef748379b3ca7090e8d1b8c&cd3=false&cd4=false&z=1035039057

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 85 B
889 B 201ms
200ms Fetch
application/json 104.21.85.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=1645b1b280554ccefc7957712a9806f4&_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&oid=&affid=&__cc=&async=json
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.85.245 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3901b158d5dd073322290f524eb9f43a7ecdb95e42810c512e78602dbb055ad3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:35 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-eflow-request-id: 0fef538a-ff99-431f-8dcd-522ce5c013b2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPi3rnY%2FL5XoDkRbmMBPoiO9sTbMInjxF0BYIEFI5hlie2%2BVaI6YL0z%2F05W9OuXm1ha5TC8lkQXDH6%2FlHFnTSkQL%2FEgK99vTAU%2BtvCfZAChugInrDYEjBLvUlhb8LgkBHWbI4zstfIMRdNzs0Xc1"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
content-encoding: br
access-control-allow-credentials: true
cf-ray: 6ccd05e99e7cf298-WAW
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2

200

event Show response
widget.us.criteo.com/
Redirect Chain

https://sslwidget.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=0ppC4l80VVglMkZaekxldHY4T3lnTTg4bkh...
https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=0ppC4l80VVglMkZaekxldHY4T3lnTTg4bkh...

7 KB
8 KB

327ms
119ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=0ppC4l80VVglMkZaekxldHY4T3lnTTg4bkhvZ2NyZkt5dUJ0V0NqR0Zneng4Q1IyZDFWJTJGMGpHMWl3MDJWUXNDJTJGWWpyUzVOTU5yWlVqWk5nd3FQeDFSSlAzWTNpNHR4bm5mZ2U0JTJGT2tMeVNqdzhFbGs3YkNXVGgzcnBRU25mdnYlMkZIcW5BSVpiWTNXRW90Q2clMkIxWWFXVDhMSHl3akwwN2xtbndFWkFvOVNKSldpOTRDakElM0Q&tld=behindthemarkets.com&dtycbr=19877

Requested by

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

d4c681d944d268255bf7694ad162cb43c7f02aeeb3b0bd8d5375937278a70e91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:35 GMT
content-type: application/x-javascript
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 16485381
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:35 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=0ppC4l80VVglMkZaekxldHY4T3lnTTg4bkhvZ2NyZkt5dUJ0V0NqR0Zneng4Q1IyZDFWJTJGMGpHMWl3MDJWUXNDJTJGWWpyUzVOTU5yWlVqWk5nd3FQeDFSSlAzWTNpNHR4bm5mZ2U0JTJGT2tMeVNqdzhFbGs3YkNXVGgzcnBRU25mdnYlMkZIcW5BSVpiWTNXRW90Q2clMkIxWWFXVDhMSHl3akwwN2xtbndFWkFvOVNKSldpOTRDakElM0Q&tld=behindthemarkets.com&dtycbr=19877
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4772116
timing-allow-origin: *
content-length: 0
expires: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 85ms
23ms XHR
text/plain 64.233.167.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102395123-1&cid=611629484.1642060115&jid=457721638&gjid=1634229912&_gid=822932479.1642060115&_u=YEBAAEAAAAAAAC~&z=1619527733

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.167.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wl-in-f157.1e100.net

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 13 Jan 2022 07:48:35 GMT
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 78ms
31ms Image
image/gif 142.250.186.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=611629484.1642060115&jid=457721638&_u=YEBAAEAAAAAAAC~&z=1872503516

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 76ms
29ms Image
image/gif 142.251.36.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=611629484.1642060115&jid=457721638&_u=YEBAAEAAAAAAAC~&z=1872503516

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.36.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams17s12-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 42ms
20ms Image
image/gif 31.13.64.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=Microdata&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Db48b631f4ef748379b3ca7090e8d1b8c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Ddiscofatigue%2540gmail.com%26iocid%3D%26aff%3D82&rl=&if=false&ts=1642060115806&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22World%20War%205G%22%2C%22meta%3Akeywords%22%3A%22%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22World%20War%205G%22%2C%22og%3Adescription%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1642060115291.1949074465&it=1642060114885&coo=false&es=automatic&tm=3&exp=p1&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.64.35 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-amt2.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:35 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Thu, 13 Jan 2022 07:48:35 GMT

GET
BLOB 200
OK 853b8626-6bc9-4c89-a721-2b4251cbe59f
https://go.behindthemarkets.com/ 47 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://go.behindthemarkets.com/853b8626-6bc9-4c89-a721-2b4251cbe59f
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=b48b631f4ef748379b3ca7090e8d1b8c&utm_source=82&utm_campaign=&utm_medium=&id=discofatigue%40gmail.com&iocid=&aff=82
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 47679
Content-Type: text/javascript

POST
H2 200 / Show response
sumo.com/api/load/ 875 B
1 KB 571ms
204ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

a41fbc6f047bff27d48bb7f9131524c1ec2fa41f5f43b339830e77f94d3f3e25

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 875

GET
H2

200

397596.gif
idsync.rlcdn.com/ Frame B628
Redirect Chain

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397596.gif?partner_uid=fdCxHBvIh-kE1gyJ0Mk_gWj8ANxbq7ay

42 B
417 B

106ms
40ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397596.gif?partner_uid=fdCxHBvIh-kE1gyJ0Mk_gWj8ANxbq7ay
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 13 Jan 2022 07:48:36 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397596.gif?partner_uid=fdCxHBvIh-kE1gyJ0Mk_gWj8ANxbq7ay
date: Thu, 13 Jan 2022 07:48:35 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2587
content-length: 197
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame B628
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1valRfSXZic0dELXVJeTBjMk1zNjgweUc3Vll1dHRvUEpXdWZYZw
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay1valRfSXZic0dELXVJeTBjMk1zNjgweUc3Vll1dHRvUEpXdWZYZw&google_tc=
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

43 B
369 B

52ms
52ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Protocol

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:36 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 216836
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 279
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

/
partner.mediawallahscript.com/ Frame B628
Redirect Chain

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-ojT_IvbsGD-uIy0c2Ms680yG7VYuttoPJWufXg&custom=&tag_format=img&tag_action=sync&custom=&cb=87733797-a981-465a-8a74-e623cb3...
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-ojT_IvbsGD-uIy0c2Ms680yG7VYuttoPJWufXg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=87733797-a981-465...

0
638 B

67ms
67ms

Image
text/plain

54.155.208.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-ojT_IvbsGD-uIy0c2Ms680yG7VYuttoPJWufXg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=87733797-a981-465a-8a74-e623cb3ac4c9&final=true&reqid=36b59cc0-7445-11ec-85eb-ef7e273bfbed&timestamp=2022-01-13T07%3A48%3A36.108Z
Protocol: HTTP/1.1
Server: 54.155.208.14 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-208-14.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:36 GMT
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Server: nginx/1.18.0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 13 Jan 2022 07:48:36 GMT
Server: nginx/1.18.0
Vary: Accept, Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /?account_id=1043&partner_id=1048&uid=k-ojT_IvbsGD-uIy0c2Ms680yG7VYuttoPJWufXg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=87733797-a981-465a-8a74-e623cb3ac4c9&final=true&reqid=36b59cc0-7445-11ec-85eb-ef7e273bfbed&timestamp=2022-01-13T07%3A48%3A36.108Z
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Content-Length: 294
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 204 v1
ads.yahoo.com/cms/ Frame B628 0
447 B 70ms
25ms Image
text/plain 87.248.118.22
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.118.22 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

e1.ycpi.vip.deb.yahoo.com

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:35 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame B628 43 B
716 B 298ms
66ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:36 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Thu, 13 Jan 2022 07:48:36 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58301/ Frame B628
Redirect Chain

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-aiJURvbsGD-uIy0c2Ms680yG7VYDUvOb8dPhYA
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-aiJURvbsGD-uIy0c2Ms680yG7VYDUvOb8dPhYA&verify=true

0
147 B

23ms
23ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-aiJURvbsGD-uIy0c2Ms680yG7VYDUvOb8dPhYA&verify=true

Protocol

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-aiJURvbsGD-uIy0c2Ms680yG7VYDUvOb8dPhYA&verify=true
date: Thu, 13 Jan 2022 07:48:35 GMT
server: ATS/9.1.0.33
age: 2
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame B628 0
476 B 536ms
159ms Image
text/plain 50.31.142.63
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-H1PBoPbsGD-uIy0c2Ms680yG7VbR5jAnagUhww
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 50.31.142.63 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: chi.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:36 GMT
Cache-Control: no-cache
X-TraceId: 1ef127dcd3795de768fe149fb8ed1390
Content-Length: 0

GET
H2 204 t.gif
cw.addthis.com/ Frame B628 0
428 B 289ms
196ms Image
text/plain 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-AqYfI_bsGD-uIy0c2Ms680yG7VYurE31Jx2KcA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:36 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 13 Jan 2022 07:48:36 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame B628 0
239 B 1098ms
551ms Image
image/gif 8.39.36.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-AqYfI_bsGD-uIy0c2Ms680yG7VYurE31Jx2KcA&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 8.39.36.141 Los Angeles, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 0963d041a95f271fbba7f411adc03573
Content-Type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame B628
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-oiaQDfbsGD-uIy0c2Ms680yG7VZthRanon2bBw&seg=95287
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-oiaQDfbsGD-uIy0c2Ms680yG7VZthRanon2bBw%26seg%3D95287

43 B
1 KB

31ms
31ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-oiaQDfbsGD-uIy0c2Ms680yG7VZthRanon2bBw%26seg%3D95287

Protocol

HTTP/1.1

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 13 Jan 2022 07:48:36 GMT
X-Proxy-Origin: 45.141.152.68; 45.141.152.68; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: d41bb1a2-f3d7-4619-bbf3-bb901a6c57cb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 13 Jan 2022 07:48:36 GMT
X-Proxy-Origin: 45.141.152.68; 45.141.152.68; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 25f92c36-3ec2-4986-8918-96cd8537db05
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-oiaQDfbsGD-uIy0c2Ms680yG7VZthRanon2bBw%26seg%3D95287
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame B628 42 B
676 B 101ms
32ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-KvuQ9_bsGD-uIy0c2Ms680yG7VZbQJFDaQP3Kg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug026:0:556
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

xuid
eb2.3lift.com/ Frame B628
Redirect Chain

https://eb2.3lift.com/xuid?mid=2711&xuid=k-DDRBO_bsGD-uIy0c2Ms680yG7VY0qTw17R9p4w&dongle=013b
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-DDRBO_bsGD-uIy0c2Ms680yG7VY0qTw17R9p4w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

37 B
353 B

41ms
41ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-DDRBO_bsGD-uIy0c2Ms680yG7VY0qTw17R9p4w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=2711&xuid=k-DDRBO_bsGD-uIy0c2Ms680yG7VY0qTw17R9p4w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
date: Thu, 13 Jan 2022 07:48:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 cksync.php
contextual.media.net/ Frame B628 45 B
782 B 195ms
64ms Image
image/gif 184.30.24.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-WnNty_bsGD-uIy0c2Ms680yG7VbBnlYx2ZEG0A

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.22 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Thu, 13 Jan 2022 07:48:36 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Thu, 13 Jan 2022 07:48:36 GMT

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame B628
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-6Zhg0PbsGD-uIy0c2Ms680yG7Vai5StfO5cYDA
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-6Zhg0PbsGD-uIy0c2Ms680yG7Vai5StfO5cYDA&C=1

43 B
1 KB

53ms
53ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-6Zhg0PbsGD-uIy0c2Ms680yG7Vai5StfO5cYDA&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 13 Jan 2022 07:48:36 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 13 Jan 2022 07:48:36 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 13 Jan 2022 07:48:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-6Zhg0PbsGD-uIy0c2Ms680yG7Vai5StfO5cYDA&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 296
Expires: Thu, 13 Jan 2022 07:48:36 GMT

GET
H2 204 /
s.ad.smaato.net/c/ Frame B628 0
239 B 112ms
39ms Image
text/plain 13.32.22.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-pcVmmPbsGD-uIy0c2Ms680yG7VbtqJITyRz5rQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.22.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-22-28.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
via: 1.1 1ee1abe42f3acbda66e5d1252319566a.cloudfront.net (CloudFront)
server: CloudFront
cache-control: no-cache, must-revalidate
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: RUO_fdW9GL1XJa5rWoBT6W04xp13e9Pp6WLZ8p-VXhhCWzuUzTcnww==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame B628
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-wm3KyvbsGD-uIy0c2Ms680yG7VbY2nGJ6U01fw&expires=30&user_group=5
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-wm3KyvbsGD-uIy0c2Ms680yG7VbY2nGJ6U01fw&expires=30&user_group=5

43 B
495 B

50ms
50ms

Image
image/gif

3.122.13.237
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-wm3KyvbsGD-uIy0c2Ms680yG7VbY2nGJ6U01fw&expires=30&user_group=5
Protocol: HTTP/1.1
Server: 3.122.13.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-13-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-wm3KyvbsGD-uIy0c2Ms680yG7VbY2nGJ6U01fw&expires=30&user_group=5
Date: Thu, 13 Jan 2022 07:48:36 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 pixel_sync
trends.revcontent.com/cm/ Frame B628 35 B
337 B 214ms
77ms Image
image/gif 52.210.237.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trends.revcontent.com/cm/pixel_sync?bidder=151&bidder_uid=k-RcHeF_bsGD-uIy0c2Ms680yG7VaGIuZGECT3ug
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.237.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-237-91.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
x-powered-by: Express
content-length: 35
content-type: image/gif

GET
H2 200 um
criteo-sync.teads.tv/ Frame B628 23 B
172 B 340ms
119ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-Ea351PbsGD-uIy0c2Ms680yG7VbyXlBfqSCcQw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:36 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 13 Jan 2022 07:48:36 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame B628 0
231 B 140ms
52ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-tmNJ4fbsGD-uIy0c2Ms680yG7VZOF3EgPZejuQ
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 44169

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame B628 43 B
163 B 174ms
56ms Image
image/gif 185.86.137.131
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-vuTi3vbsGD-uIy0c2Ms680yG7Vbe9ooa_f-lhQ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 v1
match.sharethrough.com/sync/ Frame B628 68 B
264 B 168ms
47ms Image
image/png 52.29.70.185
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-PVjIyfbsGD-uIy0c2Ms680yG7VYNjpilI2VNEA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.70.185 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-70-185.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
content-length: 68
content-type: image/png

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame B628
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-Z-1UF_bsGD-uIy0c2Ms680yG7VYgk_TlVcF_sA
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-Z-1UF_bsGD-uIy0c2Ms680yG7VYgk_TlVcF_sA

43 B
446 B

57ms
57ms

Image
image/gif

52.28.181.192
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-Z-1UF_bsGD-uIy0c2Ms680yG7VYgk_TlVcF_sA
Protocol: H2
Server: 52.28.181.192 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-181-192.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 13 Jan 2022 07:48:36 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-Z-1UF_bsGD-uIy0c2Ms680yG7VYgk_TlVcF_sA
date: Thu, 13 Jan 2022 07:48:36 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

28292
i6.liadm.com/s/ Frame B628
Redirect Chain

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA&_li_chk=true&previous_uuid=1298240cea60498db8933fa981c55597
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA

43 B
285 B

371ms
134ms

Image
image/gif

52.86.125.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA

Protocol

HTTP/1.1

Server

52.86.125.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-86-125-50.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:37 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: fe9e954ee03a4b17
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-FZneO_bsGD-uIy0c2Ms680yG7VZwhHcLteb4CA
Date: Thu, 13 Jan 2022 07:48:37 GMT
Connection: keep-alive
trace-id: 2545ba6a58957ce3
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 200 1017
jadserve.postrelease.com/suid/ Frame B628 43 B
428 B 651ms
206ms Image
image/gif 184.169.240.186
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/1017?vk=k-phJ3ZPbsGD-uIy0c2Ms680yG7VaqXVJR_bF3FQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 184.169.240.186 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-184-169-240-186.us-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:36 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55945/ Frame B628
Redirect Chain

https://pixel.advertising.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1
https://pixel.advertising.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1&verify=true
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1&apid=UP36f9aab4-7445-11ec-bb0e-0680aff4cac6

0
593 B

79ms
79ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1&apid=UP36f9aab4-7445-11ec-bb0e-0680aff4cac6

Protocol

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ICVUePbsGD-uIy0c2Ms680yG7VaxgWixg2aMnA&_origin=1&apid=UP36f9aab4-7445-11ec-bb0e-0680aff4cac6
date: Thu, 13 Jan 2022 07:48:36 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame B628 43 B
183 B 494ms
158ms Image
image/gif 52.202.196.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-P8BoTPbsGD-uIy0c2Ms680yG7VbosV4wE6DB8A
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.196.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-196-233.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:36 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H/1.1

200
OK

empty.gif
cdn.stickyadstv.com/one-shot/ Frame B628
Redirect Chain

https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-PUFUJfbsGD-uIy0c2Ms680yG7VYojtdPjFos9Q&redirectId=69
https://cdn.stickyadstv.com/one-shot/empty.gif?

43 B
438 B

499ms
11ms

Image
image/gif

205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.stickyadstv.com/one-shot/empty.gif?
Protocol: HTTP/1.1
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:37 GMT
Last-Modified: Thu, 28 Feb 2013 15:45:35 GMT
ETag: "1362066335"
X-HW: 1642060116.dop145.fr8.t,1642060117.cds217.fr8.shn,1642060117.cds217.fr8.c
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 43

Redirect headers

Pragma: no-cache
Date: Thu, 13 Jan 2022 07:48:36 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cdn.stickyadstv.com/one-shot/empty.gif?
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1642060116537057-402
Expires: Thu, 13 Jan 2022 07:48:36 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame B628 43 B
220 B 1043ms
109ms Image
image/gif 52.0.188.249
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-HHF9UPbsGD-uIy0c2Ms680yG7VbJfhNXTgkbEQ&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.188.249 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-188-249.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 13 Jan 2022 07:48:37 GMT
content-type: image/gif
content-length: 43
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

GET
H2 200 c.gif
c.bing.com/ Frame B628 42 B
595 B 276ms
105ms Image
image/gif 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?Red3=CTOMS_pd&cbid=k-uiEutfbsGD-uIy0c2Ms680yG7VZbItusKdE8hg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:36 GMT
etag: "f95a3e4769d2d71:0"
last-modified: Fri, 05 Nov 2021 17:19:23 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B0E0347859BF45A1A19517C0AB6BA68F Ref B: MAN30EDGE0514 Ref C: 2022-01-13T07:48:36Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
355 B 175ms
175ms Image
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=44,325,323,693,167,697,1183,1184,2791,2805
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:36 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 45.141.152.68
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 0240o1o188h567gbe130

POST
H2 200 analyze Show response
r3.visualwebsiteoptimizer.com/ 0
143 B 644ms
150ms XHR
application/javascript 35.194.81.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://r3.visualwebsiteoptimizer.com/analyze?_a=601261&_u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Db48b631f4ef748379b3ca7090e8d1b8c%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Ddiscofatigue%2540gmail.com%26iocid%3D%26aff%3D82
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/tag-461d8e92f1343c6807e35b6821d956e0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.194.81.74 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 74.81.194.35.bc.googleusercontent.com
Software: r3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFYEaxIUBt0XweB48

Response headers

access-control-allow-origin: *
date: Thu, 13 Jan 2022 07:48:36 GMT
content-encoding: gzip
server: r3
content-type: application/javascript; charset=UTF-8

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/cdb/ Frame B628
Redirect Chain

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%25...
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/iZcTq3vSe5BpF8Rw36Up7qmZdTwp8U7M/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_...
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2541928525566074600

43 B
370 B

58ms
58ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2541928525566074600

Protocol

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Jan 2022 07:48:35 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2272594
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2541928525566074600
pragma: no-cache
date: Thu, 13 Jan 2022 07:48:35 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 223ms
222ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-sumo-auth
Origin: https://go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 13 Jan 2022 07:48:36 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

POST
H2 200 services Show response
sumo.com/ 205 B
606 B 855ms
855ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
X-Sumo-Auth: pC4usngYGcyFHiyayncyz8NE
Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 205

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 23ms
22ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: GB3K5C232TDGG8Y1
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:08:37
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: bqHu7hfZp9jUAqk7l2pJEntmVaP/Yh1ZNMWlA/QYb6PRqYjLnfRxC1NwNwBRawFF3ohHFh9gudE=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:38 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"3fa9c18f727d4b42fb894fda90a374e1"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 202f6aa2af297f782f62507b4967a8b6
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 37ms
36ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: X9X0Q3TBADQ2JV5V
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:08:49
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Af50bRUdN604RnFs/jVr4/C5AvsTn345ns/6uz4QKiXt/pW9p5+LDnndXIz0jkq4TV2nrd64ArY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:17 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"a39d043b7c7bba70750cf288ee5ef71a"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 6ffbe17afbf9c06763a9aa836e3e1a9e
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 76ms
75ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: H8FR6C41AW2TQKE5
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:09:43
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: TMouNBhhU96Fh3t0LtK9YLK+8iamSLTQwqxJB4r+0AN/zKaP4C+IlcGLSwEKrZr02CCsj54eRdw=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:02 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"6bfdf1ae8492f107706ac037915be663"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: d98d81ad45c241aa901018619e69266e
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 35ms
34ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 3TY6FT7Q3HVDDJSK
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 07:23:23
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: XYFt4vXJczgiusbgwFGvPgx/9u3IKglnAhuIXxIM5J554lgS+dloVZpJKQvHO9hQMmwNZYXQ+Rg=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:58:50 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"fc263e7087822a0b00ff93677d6df4ea"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 307d2613f88667a0fa6920dd0bd1ad54
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 54ms
53ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: ZZT9GNAK5XMKD48T
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 07:23:22
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 2KeA1skXaSGp/3HPNkEAGnrLC1fyAMeGA24ppXxwHJoZ5DknWrMdJX1YoQEwv6PLinuiYUf54Mw=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:04 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"8af82c4c30a069f66de02526c2f332af"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 6be311854b96e05c85372bc6bac8b412
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 38ms
37ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: DP2G3NAFAGBN2F37
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:08:33
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: inaurtgXZ8qPhXlvBSWiuk1crvMa5b3svZsZ/p8YxBRUC9I3EdU2PB23ZfQlef1/RxBcSXtlU8g=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:04 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"be0b945be6cafa91f6fd4efdfc8268f8"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 3df9c7b9f687486d5433c03cb8eddd65
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 53ms
53ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 3MERYWNDW994K7SQ
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:09:43
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZQBMTnj7uzLOuY0CxZoiQNpN/cS80vs8+CVVTmwmswsomKzup1W5ibYZD8omni03rfbk8GGftp4=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:03 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"beda094dfc3b530efd0d2d83c5a0280c"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 0ec54d42ed1f744f8613a34c6f5cd046
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 54ms
53ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: ZEHTF7CV5WK4DTFT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 08:54:01
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: lhUzg0Wfbx6BRtsDpUJ1EZ4yCKLYXmrPtk50js+tobEcek2i2rm56nUJeotO1FV6OkFgq2E9NXo=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:35 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"d200986501135078d1fbd7f480e7bb08"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: a416ba230eb49445a3e2f392f3473dc2
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 43ms
43ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: VZBPYECY6K84GGCD
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:08:34
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: S4VngB/xw39zU3U1NcJhGWOU0dr1m1Ea8BCayAGzCNS4PpYNFEUkqUAEfwlGEE+A8YUUmcOD6Mk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:58:49 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"31baf056af3800bbd6e4f9e8b445d052"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: f8694ec326eea1f0d2aa135100aace9f
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 44ms
43ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: DP2GNTM6R7Z1VSHM
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:08:33
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: u0fVf7rnkapsxIWRnokxfRvVXWrHNmlTCMW/ieDV/eO4N6RmDVEVLwXzaOxP04B47xKxeFVEcIY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:57 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"f33273f5c8e8dd3d010a11b209891b91"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 146bb836a84632a7a99cf807d087071c
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
993 B 48ms
47ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:48:37 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: TMYVPHGB1CSE6Q7T
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 12/27/2021 13:09:45
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: v1zJ9FnYmBr+dgZ+g4vOthTjpQ9asM8m4ee9XS8uFCiqmgQYz4zOUTwoxyTNnNU37L7o8ugoXOI=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:58 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"857476cf6e94c14c223d4481353b4c19"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=31536000
cdn-requestid: 69287e59068bb7ba89e772011879121f
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ 31 KB
1 KB 126ms
63ms Stylesheet
text/css 216.58.212.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f10.1e100.net

Software

ESF /

Resource Hash

49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 07:43:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 13 Jan 2022 07:48:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Jan 2022 07:48:37 GMT

GET
H2 200 features Show response
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ 3 KB
1 KB 220ms
220ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Sumo-Auth: pC4usngYGcyFHiyayncyz8NE

Response headers

date: Thu, 13 Jan 2022 07:48:38 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx
etag: "-362431178"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ Frame 0
0 184ms
184ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 13 Jan 2022 07:48:37 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
446 B 161ms
161ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=cRmH5tT9uSKryfhMk6Jj5T&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=394.8000011444092,109,1,533.2000007629395
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 07:48:39 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 45.141.152.68
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 600
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 0240o2e1rnmtrtfci3lg
access-control-expose-headers: LP-Security-Token

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

73 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.api.leadpages.io/analytics/v1/events/capture	1970-01-20 00:09:06	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.hZGr8CiB4GvxgUHU6eUyhA Value: 1642060115000
go.behindthemarkets.com/btm-5g-arrow-sandia	1970-01-20 00:50:52	Name: __smVID Value: 32aabca1b2b4986380d9dc01151eec4edaec049e66a8c752ef268ea67e5205ef
i.liadm.com/s	1970-01-20 00:50:52	Name: _li_ss Value: MgkI_____wcQqxE
.incomeinvestinginsider.com/	1970-01-20 08:53:16	Name: iterableEndUserId Value: discofatigue%40gmail.com
.incomeinvestinginsider.com/	1970-01-20 00:09:06	Name: iterableEmailCampaignId Value: 3502751
.incomeinvestinginsider.com/	1970-01-20 00:09:06	Name: iterableTemplateId Value: 4777924
.incomeinvestinginsider.com/	1970-01-20 00:09:06	Name: iterableMessageId Value: 39ed9ecb4e514b92997ebe0d3803a43b
links.b.incomeinvestinginsider.com/	1969-12-31 23:59:59	Name: XSRF-TOKEN Value: 60fe9dede9bc7d2874fcdee458832e04f45502f5-1642060111055-2d7220722cce7cc599dcae47
.clkmg.com/	1970-01-20 08:53:16	Name: vid Value: 698455714
.behindthemarkets.com/	1970-01-20 02:17:16	Name: _gcl_au Value: 1.1.1237986431.1642060115
js.center.io/	1978-01-11 21:31:40	Name: centerVisitorId Value: wxZ2RwEBebcRs2zoJcfhFV
.go.behindthemarkets.com/	1970-01-20 08:54:42	Name: _vwo_uuid_v2 Value: D5CC041F6F4BB3EFF99DC1D9F0DC4DFC3\|76adfaabda2808b73d8d55e0a5044f2f
.behindthemarkets.com/	1970-01-20 02:31:40	Name: _vis_opt_s Value: 1%7C
.behindthemarkets.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.behindthemarkets.com/	1970-01-23 15:43:40	Name: _vwo_uuid Value: D5CC041F6F4BB3EFF99DC1D9F0DC4DFC3
.behindthemarkets.com/	1970-01-20 00:07:41	Name: _vwo_sn Value: 0%3A1%3Ar3.visualwebsiteoptimizer.com%3A1%3A1
.behindthemarkets.com/	1970-01-20 00:50:52	Name: _vwo_ds Value: 3%3At_1%2Ca_1%3A0%241642060114%3A40.53480878%3A%3A%3A3_1%2C2_1%3A0
.behindthemarkets.com/	1970-01-20 02:17:16	Name: _fbp Value: fb.1.1642060115291.1949074465
.criteo.com/	1970-01-20 09:29:16	Name: uid Value: 4fcda3c6-04ab-4a76-8a70-82ae91c9efbd
.behindthemarkets.com/	1970-01-20 17:38:52	Name: _ga Value: GA1.2.611629484.1642060115
.behindthemarkets.com/	1970-01-20 00:09:06	Name: _gid Value: GA1.2.822932479.1642060115
.behindthemarkets.com/	1970-01-20 00:07:40	Name: _gat_UA-102395123-1 Value: 1
.behindthemarkets.com/	1970-01-20 09:37:04	Name: cto_bundle Value: 0ppC4l80VVglMkZaekxldHY4T3lnTTg4bkhvZ2NyZkt5dUJ0V0NqR0Zneng4Q1IyZDFWJTJGMGpHMWl3MDJWUXNDJTJGWWpyUzVOTU5yWlVqWk5nd3FQeDFSSlAzWTNpNHR4bm5mZ2U0JTJGT2tMeVNqdzhFbGs3YkNXVGgzcnBRU25mdnYlMkZIcW5BSVpiWTNXRW90Q2clMkIxWWFXVDhMSHl3akwwN2xtbndFWkFvOVNKSldpOTRDakElM0Q
go.behindthemarkets.com/	1970-01-20 00:50:52	Name: ef_tid_c_o_3 Value: b48b631f4ef748379b3ca7090e8d1b8c
go.behindthemarkets.com/	1970-01-20 00:50:52	Name: ef_tid_c_a_2 Value: b48b631f4ef748379b3ca7090e8d1b8c
.pubmatic.com/	1970-01-20 00:50:52	Name: KRTBCOOKIE_97 Value: 3385-uid:k-KvuQ9_bsGD-uIy0c2Ms680yG7VZbQJFDaQP3Kg&KRTB&23286-uid:k-KvuQ9_bsGD-uIy0c2Ms680yG7VZbQJFDaQP3Kg&KRTB&23287-uid:k-KvuQ9_bsGD-uIy0c2Ms680yG7VZbQJFDaQP3Kg&KRTB&23288-uid:k-KvuQ9_bsGD-uIy0c2Ms680yG7VZbQJFDaQP3Kg
.pubmatic.com/	1970-01-20 00:50:52	Name: PugT Value: 1642060116
.pubmatic.com/	1970-01-20 02:17:16	Name: PUBMDCID Value: 3
.adnxs.com/	1970-01-20 02:17:16	Name: uuid2 Value: 3371730702842494215
.rlcdn.com/	1970-01-20 08:53:16	Name: rlas3 Value: R2VwjHoxtz3DL3CnCL5GUCzOCs1jI2dkZy2KL1Cbtdo=
.rlcdn.com/	1970-01-20 01:34:04	Name: pxrc Value: CAA=
.adnxs.com/	1970-01-20 02:17:16	Name: anj Value: dTM7k!M4/rCxrEQF']wIg2GVIq.fgp!]tbPl@/D!9hy6]/Cr+p4KV9(2_MG^:GYiUiRM8fa*NuEX`Q]^2C3xC0t!EBhVCt:Bn@h'x-aaw%nugO%v4VB%nr7l+kTh[
.doubleclick.net/	1970-01-20 09:29:16	Name: IDE Value: AHWqTUlLEQgqbEBy1BK-qJxbQFdeCyGBwfvWGJixaKUpoTBZqMPVNfjfoPpPAWfEEDw
.mediawallahscript.com/	1970-01-20 17:38:52	Name: mCookie Value: 36bf60c0-7445-11ec-abf2-e767c9321a65
.mediawallahscript.com/	1970-01-20 17:38:52	Name: mUserCookie Value: %7B%22undefined%22%3A%5B%22%22%2C%22%22%2C%22%22%5D%7D
.3lift.com/	1970-01-20 02:17:16	Name: tluid Value: 11774958354885540238
.addthis.com/	1970-01-20 09:29:16	Name: ouid Value: 61dfd954000131ab468ebcede38d0f952cabf900ec076b81835f
.addthis.com/	1970-01-20 09:29:16	Name: uid Value: 61dfd954854aa3db
.addthis.com/	1970-01-20 09:29:16	Name: na_id Value: 2022011307483610600188824109
.media.net/	1970-01-20 08:53:16	Name: visitor-id Value: 2850617165427605000V10
.media.net/	1970-01-20 00:50:52	Name: data-c-ts Value: 1642060116
.media.net/	1970-01-20 00:50:52	Name: data-c Value: k-WnNty_bsGD-uIy0c2Ms680yG7VbBnlYx2ZEG0A~~3
.yahoo.com/	1970-01-20 08:53:37	Name: A3 Value: d=AQABBFTZ32ECEBAT6yhNoNipMAYHvIM-6_IFEgEBAQEq4WHpYQAAAAAA_eMAAA&S=AQAAAgiH4tIY73bqR0cIbR8e7eA
.casalemedia.com/	1970-01-20 08:53:16	Name: CMID Value: Yd-ZVC28ZhL00PBnCT8CwwAA
.casalemedia.com/	1970-01-20 02:17:16	Name: CMPS Value: 3184
.casalemedia.com/	1970-01-20 02:17:16	Name: CMPRO Value: 1135
.casalemedia.com/	1970-01-20 00:09:06	Name: CMST Value: Yd-ZVGHf2VQA
.casalemedia.com/	1970-01-20 08:53:16	Name: CMRUM3 Value: 1461dfd9542760k-6Zhg0PbsGD-uIy0c2Ms680yG7Vai5StfO5cYDA
.turn.com/	1970-01-20 04:26:52	Name: uid Value: 2541928525566074600
.bidswitch.net/	1970-01-20 08:53:16	Name: tuuid Value: 1ce819f9-d69a-4572-8f21-7e020d661474
.bidswitch.net/	1970-01-20 08:53:16	Name: c Value: 1642060116
.bidswitch.net/	1970-01-20 08:53:16	Name: tuuid_lu Value: 1642060116
.taboola.com/	1970-01-20 08:53:16	Name: t_gid Value: 907b26c3-c383-4d0a-a1e8-dad86d270b52-tuct8d95ed4
.360yield.com/	1970-01-20 02:17:16	Name: tuuid Value: d6734289-8715-43e9-873e-a025714bc499
.360yield.com/	1970-01-20 02:17:16	Name: tuuid_lu Value: 1642060116
.sharethrough.com/	1970-01-20 08:53:16	Name: stx_user_id Value: eba1bb3f-ff63-449d-9316-1eed35fa949f
.revcontent.com/	1970-02-07 06:07:40	Name: __ID Value: e676f474def64101a91d1b09d679a95b
.revcontent.com/	1970-01-20 00:50:52	Name: v1_151 Value: 1
.360yield.com/	1970-01-20 02:17:16	Name: um Value: !38,XbtbyTHD9lDR-ejG.0jVU3.jNWcJ.BbztJSv1tgdtM4tcLCPi74hXlc8EhWEAy-3Dlxe0O0V,1649836116
.360yield.com/	1970-01-20 02:17:16	Name: umeh Value: !38,0,1704268116,-1
.outbrain.com/	1970-01-20 02:17:16	Name: obuid Value: 4fe31390-1fc0-47da-8057-210ab42216aa
.outbrain.com/	1970-01-20 00:50:52	Name: criteo Value: k-H1PBoPbsGD-uIy0c2Ms680yG7VbR5jAnagUhww
go.behindthemarkets.com/	1970-01-20 08:53:16	Name: __smToken Value: pC4usngYGcyFHiyayncyz8NE
.advertising.com/	1970-01-20 08:54:42	Name: APID Value: UP36f9aab4-7445-11ec-bb0e-0680aff4cac6
ads.stickyadstv.com/	1970-01-20 00:50:52	Name: UID Value: 9c5c68695bc52f4d4c42a9a7cb172b3
ads.stickyadstv.com/	1970-01-20 00:50:52	Name: uid-bp-11554 Value: k-PUFUJfbsGD-uIy0c2Ms680yG7VYojtdPjFos9Q
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 3328b0e6f3377fe29f219abea451ac4
.bing.com/	1970-01-20 09:29:16	Name: MUID Value: 244585556BA16BDC3471947E6AF96AAC
.analytics.yahoo.com/	1970-01-20 08:54:42	Name: IDSYNC Value: "18zh~22mv:1761~22mv"
.yahoo.com/	1970-01-20 00:34:33	Name: APID Value: UP36f9aab4-7445-11ec-bb0e-0680aff4cac6
.yahoo.com/	1970-01-20 00:09:06	Name: APIDTS Value: 1642060116
.postrelease.com/	1970-01-20 08:53:16	Name: opt_out Value: 1
.liadm.com/	1970-01-20 17:38:52	Name: lidid Value: 1298240c-ea60-498d-b893-3fa981c55597

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
ads.stickyadstv.com
ads.yahoo.com
api.leadpages.io
c.bing.com
cdn.stickyadstv.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
cw.addthis.com
d.turn.com
dev.visualwebsiteoptimizer.com
dis.criteo.com
eb2.3lift.com
embed.lpcontent.net
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
i.liadm.com
i6.liadm.com
idsync.rlcdn.com
jadserve.postrelease.com
js.center.io
lh3.googleusercontent.com
links.b.incomeinvestinginsider.com
load.sumo.com
match.sharethrough.com
partner.mediawallahscript.com
pixel.advertising.com
pixel.rubiconproject.com
r.casalemedia.com
r3.visualwebsiteoptimizer.com
rtb-csync.smartadserver.com
s.ad.smaato.net
secure.adnxs.com
simage2.pubmatic.com
sp.analytics.yahoo.com
sslwidget.criteo.com
static.criteo.com
static.leadpages.net
stats.g.doubleclick.net
sumo.com
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.outbrain.com
trends.revcontent.com
ups.analytics.yahoo.com
widget.us.criteo.com
www.behind-the-markets.com
www.behindthemarkets-btm.com
www.checkerlinkery.com
www.clkmg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
x.bidswitch.net
104.111.242.245
104.21.64.128
104.21.85.245
104.75.88.126
13.248.245.213
13.32.22.28
141.226.228.48
142.250.184.232
142.250.185.129
142.250.185.78
142.250.186.100
142.250.186.99
142.251.36.35
172.217.168.194
178.250.0.157
178.250.0.163
178.250.2.130
18.156.0.31
18.185.129.183
18.66.248.122
184.169.240.186
184.30.24.22
185.60.216.19
185.64.190.80
185.86.137.131
2.18.234.21
2.21.40.243
204.79.197.200
205.185.216.10
212.82.100.181
216.58.212.170
216.58.214.19
3.122.13.237
31.13.64.35
34.107.203.240
34.120.142.1
34.96.102.137
35.192.151.63
35.194.81.74
35.202.21.90
35.244.174.68
37.252.172.123
46.228.164.13
50.31.142.63
50.97.244.203
52.0.188.249
52.202.196.233
52.210.237.91
52.28.181.192
52.29.70.185
52.38.14.212
52.86.125.50
54.155.208.14
54.166.203.135
64.233.167.157
74.119.119.150
8.39.36.141
87.248.118.22
89.187.169.47
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc
132ff663ec567f9ae205298aaf3d6d16048f20750616d8b3ea174fdc4cb3ff0c
133be2ab152b1c9f408e9a597430361539cf3b8255a0a92f8a8a8a885e079702
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
1b0a8b83386af99b99eeeea1f50deddabbbc2a70d324c7ed466fc4399d31e3b7
1b54b66edcb0c239350b409ff86ba3195fa5c6455b0251e76d910ba4fc091be1
1e843b8b1f0971ce91d1d7e45e35e23dbb6008cdc3a859f9d42e384cf05650fb
255f497324a8823e617af3b9135771124c5a124b3d2d77ddae68e9b6a780d049
2b89ce6bb6c3037d363dcfa4470f124a6647374c3cce4bdaf0bf07ab001b2464
2c0e68c05ab8a290014b40f848b639d52adb1eeaffebe207124f2174f60f7add
2dcf66df3032042a56e661d5be35ba4f3af5328d29e4698ee8fd0ba4b88cc932
2e42ee85db205de7ee6b3e254523c734643431764b9bbc87c058e89cf474c5c5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
36dc7363f42099049f12e0c5c85c0f016832875021ba68c3d2f83045594ffac4
36f8ebc269337df3e2eee25ca04fe31515673e3f527224fe07d957a6da2f36b0
3705afa2ba67e76379c851b704bb0db8ed87656a819209c28b63d2321343fcd8
3781c3ed74cc05814348962bb5af29842c7c12c253ce809dee9ce9f2327afd4b
38ce40f41757c9b666dbd3594af6fb2a4910f7521da1d65e697af42e6cdad7d7
3901b158d5dd073322290f524eb9f43a7ecdb95e42810c512e78602dbb055ad3
3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
46110fec7569660d11ee0a5e105369adf163ed9f64381085abbe5c63b0af92ab
4758ffc00e2d3413aece1a57fc3e89b9709202312386d57eb74b5c198cf6800e
48e6569cf06d8b950da3926d80fe1528f7ebaf32cd060d43ee3d79a722cb5387
49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9
4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9
50db2374eb03bf94328679ff6ad7c95541ec88f2426b237ca7a09d8e31a531d4
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
53d57168540bb85fb843de9e649053e8fbf95a30d151b5cc30c7e704b7669a69
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296
55f1deb0d20b8ef2b1b728e9c536647f1895355b61bef28abb41eb6dcec41411
592e4d1835429b83456573242ac88bb14dac49923173813eeaa78537bb7620f2
5c3a00eb37ad8e96072e58f6dd7ab2e708ce6406b766d71e207d46ee97aa8512
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
5fac5fb8dc418f1b927e0409ee7811fb8debdfb308fbc17ae786f7ca5f4b4219
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
64369b56b87a6a6a37ce6c800d296e77b379c49fff9cb2a556c5f8ad3ccb4b36
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d5dce43acba1416db19f39d22d8db0dd7dd366ff39b15ca5f1752e8d7ec5d7e
6de05c135e09807c1a50d1e68453a011f56ad6797d38712af1534e9343b89346
718376d4fdf85b7910071d6196e4e14cd2972f90ec70e622cc5892e65ada124d
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
72b95405e006370e34ac6d7be5f4b185fe0d1058d43b576136d0ac5eddd88562
73c42500e4af90ca921ec406fd0cb6af6a43fe78d1eda3de7d655aa215565a60
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
75a75114a3326f64b66896b4e47f2ebe985c53caab85e17814eaa17ed216005a
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
76808fdce8c1369070eca797e601282535eaab85bebf2bcce41ffd84c50d4c35
79e703e37d0c5dbedbfad7f3f3c9607a616174a1ce152ff230895cd2062e1f33
7b93501d3965ccc6d249f71312e04eebbab373bf305e1af92c2c668dd6eb3bdf
7bd10dcd45b27f8c416e2963cbec082c8beb2b653a0002d67bf0857b2db95c9b
7d5beae7ebc2c7ce5cb8e194dd48e0229ab6f36e09623713865cceaac4bb4b08
7ddf07e39d31b21a32b5a04ed372affc2622e4cb8faa706f17bb91178c3e2d76
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8e689d74f8c13a43ef8a9c23c84db00756e7841b4e5e56267ad7216d8509fabe
8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f
908362cc3d83780a006474ebea417be9ff9e9f92175e4295c990747e211507d8
94052c1920fe8b6b2e791f362c8a4247e50f0abcab5e61225d3f3a2414c73a43
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
96ad5f56a00803d62c47a3d21d9017916e470ab35935361f0f822af42d559d62
96fe92f97fc2c54b47fc3a8b6ab7788ea64be5925bfeb8378cf7753b397a2778
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ca8a06fa36760ac11757bf1454f1a8dfd50150e294520a91e6864d29f7fde8a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a41fbc6f047bff27d48bb7f9131524c1ec2fa41f5f43b339830e77f94d3f3e25
a8eaf699085189552bba8f5057bcf969e3087d39f7830bd20c31a767f47c4dc7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b3fdac93d880353fc983f82b9ed6fa62e54d755e05c1ee51020d98e95e35cb1a
b494764a83e1a3fb8c887deedf8c8a87edf40697e45f21a357fcf61d6a55c5c6
b7893a230766dd48285139bdfe35565e504f0b3b68cfc856da3dc81db307569a
b860877347b5fb701c185e3040e04fecca7506822e712f1a8074554ef513925d
ba398c4073f3dde850f04637918764494bad50499536ad1781113c66ec325eae
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c9944716a10b83ea2b631e2fc091a3f4a289cdf835abcaab5b694065808092f3
c99e1eaa85d260995d9712261a68944fbf1501210fc0b72fd69286218c58a39e
ca5e8198626ecded4b40a5e264d6fca7d1b4663db1fdd1032b3755aeb5ccd297
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
cdf6aa48e94cc037d933692c5de29571fe81e66b73a9cc57f82614dcd25806a7
ceca530b4469b61248174fd4111890059c196cd579dc3d6351aa0a5199a2e78f
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658
d0a6684633c6ab8da1971668ea1691819ac386ff1fe02a5ce18926028a02b726
d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8
d4c681d944d268255bf7694ad162cb43c7f02aeeb3b0bd8d5375937278a70e91
d6c652b770391aba1eb4c71ad06b1b858ee1f8d13152aef29cab9cd2f4e3c2b3
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0
e17f0091bbce5eb0f3a8b1dd678af32261ad748c55714bb69cafa60c0be90489
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
e99b1332226c6486a8a20ed70dabcb018e623a70cca29e202a48d653a486161c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f962a0a8539cb44fb06a4494ffc65fa38369085603acf1a4b96adb8fb164e0d2
f99dac30c7093e8b1c2689aef392938701193512f32b6a919249821c6ba5a353
fdeca2cfc516555aacf01d48f855898eaddc3467cbb92d8b8e30e91a61a3e409
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2
fe4a6e0c7220b1a9ce45b621a0e9844db3f75b359050882bcfc3ac2f5bb9ad51

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

144 Requests

90 %HTTPS

0 %IPv6

50 Domains

61 Subdomains

52 IPs

7 Countries

1773 kBTransfer

4887 kBSize

73 Cookies

2 Outgoing links

Page URL History

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

90 %
HTTPS

0 %
IPv6

50
Domains

61
Subdomains

52
IPs

7
Countries

1773 kB
Transfer

4887 kB
Size

73
Cookies

144 HTTP transactions
0 data transactions