go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links.email.theempiretrading.com/u/click?_t=10b77c569a1c4cff95bb1b98f9754a3f&_m=7772a2bcbf9940da95be96cc7538aac2&_e=hFqOz3hlA9jyw...
Effective URL:
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campa...
Submission: On December 30 via api (December 30th 2021, 8:40:19 pm UTC) from BE — Scanned from DE

Summary HTTP 141 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 50 IPs in 8 countries across 49 domains to perform 141 HTTP transactions. The main IP is 35.202.21.90, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is go.behindthemarkets.com.
TLS certificate: Issued by R3 on December 6th 2021. Valid for: 3 months.

This is the only time go.behindthemarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2600:9000:215... 2600:9000:2156:600:12:36b3:7a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3036::ac43:cedc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	50.97.212.250 50.97.212.250	36351 (SOFTLAYER) (SOFTLAYER)
1 3	2606:4700:303... 2606:4700:3032::ac43:d48e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.202.21.90 35.202.21.90	15169 (GOOGLE) (GOOGLE)
3	34.107.203.240 34.107.203.240	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	34.120.142.1 34.120.142.1	15169 (GOOGLE) (GOOGLE)
56	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2013	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	178.250.2.130 178.250.2.130	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
6	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
4	35.192.151.63 35.192.151.63	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
3 4	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	52.38.14.212 52.38.14.212	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1 4	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1 2	34.254.114.92 34.254.114.92	16509 (AMAZON-02) (AMAZON-02)
1 2	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1 3	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	64.202.112.191 64.202.112.191	23352 (SERVERCEN...) (SERVERCENTRAL)
1	184.30.24.121 184.30.24.121	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
3 4	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:215... 2600:9000:2156:ae00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	18.156.181.139 18.156.181.139	16509 (AMAZON-02) (AMAZON-02)
1	99.80.164.0 99.80.164.0	16509 (AMAZON-02) (AMAZON-02)
1	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	185.86.139.114 185.86.139.114	201081 (SMARTADSE...) (SMARTADSERVER)
1	3.67.115.59 3.67.115.59	16509 (AMAZON-02) (AMAZON-02)
1 2	52.215.211.56 52.215.211.56	16509 (AMAZON-02) (AMAZON-02)
2 2	54.81.135.237 54.81.135.237	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:444... 2600:1f18:444a:4602:9c05:7f25:f6a5:7205	14618 (AMAZON-AES) (AMAZON-AES)
1	3.217.216.1 3.217.216.1	14618 (AMAZON-AES) (AMAZON-AES)
2 2	18.158.253.107 18.158.253.107	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4200:ee57:5bc8:4ac0:7a5	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
141	50

1 2600:9000:2156:600:12:36b3:7a80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

links.email.theempiretrading.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:cedc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkerclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.97.212.250 (San Jose, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: fa.d4.6132.ip4.static.sl-reverse.com

www.clkmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3032::ac43:d48e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.behindthemarkets-btm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.202.21.90 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 90.21.202.35.bc.googleusercontent.com

go.behindthemarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.203.240 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 240.203.107.34.bc.googleusercontent.com

static.leadpages.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
embed.lpcontent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.142.1 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 1.142.120.34.bc.googleusercontent.com

www.behind-the-markets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

js.center.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.130 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.96.102.137 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.192.151.63 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 63.151.192.35.bc.googleusercontent.com

api.leadpages.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638::1c (France) 3 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.38.14.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-38-14-212.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.151 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.254.114.92 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-114-92.eu-west-1.compute.amazonaws.com

partner.mediawallahscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.133.78 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.191 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.24.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-121.deploy.static.akamaitechnologies.com

cw.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.53 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:ae00:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.181.139 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-181-139.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.164.0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-164-0.eu-west-1.compute.amazonaws.com

trends.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.114 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.67.115.59 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-115-59.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.211.56 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-211-56.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.81.135.237 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-81-135-237.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4602:9c05:7f25:f6a5:7205 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.217.216.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-216-1.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.253.107 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-253-107.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:ee57:5bc8:4ac0:7a5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.233 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

cdn.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	googleusercontent.com lh3.googleusercontent.com	767 KB
19	sumo.com load.sumo.com sumo.com	448 KB
11	criteo.com 4 redirects static.criteo.com gum.criteo.com mug.criteo.com sslwidget.criteo.com widget.us.criteo.com dis.criteo.com	29 KB
6	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	89 KB
5	yahoo.com 1 redirects ads.yahoo.com sp.analytics.yahoo.com ups.analytics.yahoo.com	2 KB
4	adnxs.com 3 redirects secure.adnxs.com	4 KB
4	leadpages.io api.leadpages.io	2 KB
3	liadm.com 2 redirects i.liadm.com i6.liadm.com	2 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net cm.g.doubleclick.net	1 KB
3	behindthemarkets-btm.com 1 redirects www.behindthemarkets-btm.com	21 KB
2	stickyadstv.com 1 redirects ads.stickyadstv.com cdn.stickyadstv.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	709 B
2	360yield.com 1 redirects ad.360yield.com	851 B
2	bidswitch.net 1 redirects x.bidswitch.net	1 KB
2	casalemedia.com 1 redirects r.casalemedia.com	2 KB
2	3lift.com 1 redirects eb2.3lift.com	732 B
2	mgid.com 1 redirects cm.mgid.com	1 KB
2	mediawallahscript.com 1 redirects partner.mediawallahscript.com	1 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	facebook.com www.facebook.com	386 B
2	facebook.net connect.facebook.net	113 KB
2	center.io js.center.io	8 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	leadpages.net static.leadpages.net	93 KB
1	turn.com 1 redirects d.turn.com	418 B
1	tremorhub.com criteo-partners.tremorhub.com	183 B
1	postrelease.com jadserve.postrelease.com	427 B
1	sharethrough.com match.sharethrough.com	262 B
1	smartadserver.com rtb-csync.smartadserver.com	163 B
1	taboola.com sync-t1.taboola.com	231 B
1	teads.tv criteo-sync.teads.tv	172 B
1	revcontent.com trends.revcontent.com	336 B
1	smaato.net s.ad.smaato.net	241 B
1	media.net contextual.media.net	781 B
1	pubmatic.com simage2.pubmatic.com	671 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	addthis.com cw.addthis.com	425 B
1	outbrain.com sync.outbrain.com	476 B
1	rlcdn.com idsync.rlcdn.com	417 B
1	google.de www.google.de	501 B
1	google.com www.google.com	501 B
1	gstatic.com fonts.gstatic.com	32 KB
1	lpcontent.net embed.lpcontent.net	15 KB
1	googletagmanager.com www.googletagmanager.com	51 KB
1	behind-the-markets.com www.behind-the-markets.com	18 KB
1	behindthemarkets.com go.behindthemarkets.com	49 KB
1	clkmg.com 1 redirects www.clkmg.com	489 B
1	linkerclick.com 1 redirects www.linkerclick.com	800 B
1	theempiretrading.com 1 redirects links.email.theempiretrading.com	1 KB
141	49

	Domain	Requested by
56	lh3.googleusercontent.com	go.behindthemarkets.com
14	load.sumo.com	go.behindthemarkets.com load.sumo.com
6	dev.visualwebsiteoptimizer.com	go.behindthemarkets.com dev.visualwebsiteoptimizer.com
5	sumo.com	load.sumo.com
4	secure.adnxs.com	3 redirects
4	gum.criteo.com	3 redirects static.criteo.com
4	api.leadpages.io	js.center.io embed.lpcontent.net
3	ups.analytics.yahoo.com	1 redirects
3	dis.criteo.com
3	www.behindthemarkets-btm.com	1 redirects www.googletagmanager.com www.behindthemarkets-btm.com
2	pixel.advertising.com	2 redirects
2	i.liadm.com	2 redirects
2	ad.360yield.com	1 redirects
2	x.bidswitch.net	1 redirects
2	r.casalemedia.com	1 redirects
2	eb2.3lift.com	1 redirects
2	cm.mgid.com	1 redirects
2	partner.mediawallahscript.com	1 redirects
2	cm.g.doubleclick.net	2 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.facebook.com	go.behindthemarkets.com
2	connect.facebook.net	go.behindthemarkets.com connect.facebook.net
2	js.center.io	go.behindthemarkets.com js.center.io
2	fonts.googleapis.com	go.behindthemarkets.com client
2	static.leadpages.net	go.behindthemarkets.com static.leadpages.net
1	d.turn.com	1 redirects
1	cdn.stickyadstv.com
1	ads.stickyadstv.com	1 redirects
1	criteo-partners.tremorhub.com
1	jadserve.postrelease.com
1	i6.liadm.com
1	match.sharethrough.com
1	rtb-csync.smartadserver.com
1	sync-t1.taboola.com
1	criteo-sync.teads.tv
1	trends.revcontent.com
1	s.ad.smaato.net
1	contextual.media.net
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	cw.addthis.com
1	sync.outbrain.com
1	sp.analytics.yahoo.com
1	ads.yahoo.com
1	idsync.rlcdn.com
1	widget.us.criteo.com
1	sslwidget.criteo.com	1 redirects
1	www.google.de
1	www.google.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	mug.criteo.com
1	static.criteo.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	embed.lpcontent.net	go.behindthemarkets.com
1	www.googletagmanager.com	go.behindthemarkets.com
1	www.behind-the-markets.com	go.behindthemarkets.com
1	go.behindthemarkets.com
1	www.clkmg.com	1 redirects
1	www.linkerclick.com	1 redirects
1	links.email.theempiretrading.com	1 redirects
141	60

This site contains links to these domains. Also see Links.

Domain
behindthemarkets.com

Subject Issuer	Validity	Valid
go.behindthemarkets.com R3	`2021-12-06` - `2022-03-06`	3 months	crt.sh
static.leadpages.net GTS CA 1D4	`2021-11-06` - `2022-02-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
partners.digitaloj.com Go Daddy Secure Certificate Authority - G2	`2021-06-25` - `2022-01-14`	7 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.center.io Go Daddy Secure Certificate Authority - G2	`2020-01-21` - `2022-01-21`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
embed.lpcontent.net GTS CA 1D4	`2021-11-04` - `2022-02-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-11` - `2022-03-10`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-09` - `2022-01-07`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-04` - `2022-05-04`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
*.leadpages.io Go Daddy Secure Certificate Authority - G2	`2021-10-22` - `2022-11-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-12-06` - `2022-01-26`	2 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2021-10-24` - `2022-11-24`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
s.ad.smaato.net Amazon	`2021-09-21` - `2022-10-20`	a year	crt.sh
revcontent.com Amazon	`2021-08-09` - `2022-09-07`	a year	crt.sh
teads.tv R3	`2021-11-03` - `2022-02-01`	3 months	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.postrelease.com Amazon	`2021-12-28` - `2023-01-25`	a year	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
Frame ID: EE8CE6157D4E2700B7783A3E618135BA
Requests: 106 HTTP requests in this frame

Frame: https://js.center.io/identify.html
Frame ID: 73473CF18035A54E25B2029E1B328707
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Frame ID: 6F5A21879AAF0D1D0F4DE31CF6AB7230
Requests: 2 HTTP requests in this frame

Frame: https://idsync.rlcdn.com/397596.gif?partner_uid=g7SX5y9GJB_q4EJ8S_WUzmiEbYeYuIbj
Frame ID: 46D239C5D55921268D50405B6B43ED28
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

World War 5G

Page URL History Show full URLs

https://links.email.theempiretrading.com/u/click?_t=10b77c569a1c4cff95bb1b98f9754a3f&_m=7772a2bcbf9940da95be96cc7538a... HTTP 303
https://www.linkerclick.com/btmsal/rudyclaude4@gmail.com/theempiretrading.com/B/BTSL8 HTTP 302
https://www.clkmg.com/DaveMoneyBreacker/btmsal/rudyclaude4@gmail.com/theempiretrading.com/B/BTSL8 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=rudyclaude4@gmail.com&sub2=theempiretrading.com&sub3=B&su... HTTP 302
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm... Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

141
Requests

88 %
HTTPS

36 %
IPv6

49
Domains

60
Subdomains

50
IPs

8
Countries

1767 kB
Transfer

4832 kB
Size

73
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://behindthemarkets.com/p/terms
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://behindthemarkets.com/p/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links.email.theempiretrading.com/u/click?_t=10b77c569a1c4cff95bb1b98f9754a3f&_m=7772a2bcbf9940da95be96cc7538aac2&_e=hFqOz3hlA9jywydGTG9DMG8-VUcMOcT1Ktm0uWhRxr4QNa6Z2rRqTmswxc9km5VHZPExplB0bEKW7YaJDae0u5v9SK4DrjrVjM3ssYadNWZNfQNW99Ywa7LL-87F28lOYsP8jyyKoxKOIfGp4bGGnMDkw1AePXVR035Q4z1_Ujv27sJy_R0WK6fFxSwmakERQLyPm5gWFmZoxipbTB89-5kwWCiwmxDVz3T0TvK9ZYd6tdZ4ca1M8syVpyH7nszSX1Fh1y9UxZ5ZJNIAQ3zTkigiLl0sNX3dQeX2N_Aw92cOobUzz_fXteSQvMjFagLD5J-NkpDOyCBOD6dQM7untw== HTTP 303
https://www.linkerclick.com/btmsal/rudyclaude4@gmail.com/theempiretrading.com/B/BTSL8 HTTP 302
https://www.clkmg.com/DaveMoneyBreacker/btmsal/rudyclaude4@gmail.com/theempiretrading.com/B/BTSL8 HTTP 302
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=rudyclaude4@gmail.com&sub2=theempiretrading.com&sub3=B&sub4=BTSL8&sub5= HTTP 302
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 83

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=2guYNHx6U0pMYUtJNzNTbmdva0pycElBcE04bFRkNytQa0hycEZORE5OTzFkczZTOUZYektDekJ1VHFvS1Z2bmdXUkJiekFuMTNVRFo3NlhuenhyeHdmb3E5ZUQzbTVXNGI2ZzFxRkcwaVRONGNDY2s5M3oxSTEzcnhSdEE5ZWV4TTA4bStsSWpNSGlVY0tWTEg3aEhXYUl4TWlpN0ZpNERjLzhpQlBFTFhMRG5rL0xQNWNDbG1xcWwwL0xOb0NnV3hZalpyMit2UjBLOVdjYzZXS0xyenNLRXVrNVJFRjhWK1FHa3VjMnAzVm0ybWRHRWcrOEdNaWYxclJ5TERTZVRublhGMmFIOERaaU1md0N1NTBYWWRYQVNWclNWMDg5dzJIWWlibVpBZ0NFbE0wTT18&cppv=2

Request Chain 89

https://sslwidget.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=2euvcl9nVVZkZWgyJTJGRjh5djlkUyUyRlN3QkdGQkRxa3MySVdOaDRBOGk4VnRNZnYlMkYzMFJ0eHlFVWJVJTJCaEl4ekpxdVU5bHYwMUpuYWZlWHU0ZW9heTIxVFRqY1NoS1dSM2slMkZNdFJrZk1PM0RGQzcwdXFBTlJ1b0pyQXJLMG5VQzElMkJCbFZKMEZrJTJCRmg5a1V2JTJCaWFzSGZZSHVOUTR2V21zZG02dEdTTiUyQmNydGtNTnQlMkJwbyUzRA&tld=behindthemarkets.com&dtycbr=80531 HTTP 302
https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=2euvcl9nVVZkZWgyJTJGRjh5djlkUyUyRlN3QkdGQkRxa3MySVdOaDRBOGk4VnRNZnYlMkYzMFJ0eHlFVWJVJTJCaEl4ekpxdVU5bHYwMUpuYWZlWHU0ZW9heTIxVFRqY1NoS1dSM2slMkZNdFJrZk1PM0RGQzcwdXFBTlJ1b0pyQXJLMG5VQzElMkJCbFZKMEZrJTJCRmg5a1V2JTJCaWFzSGZZSHVOUTR2V21zZG02dEdTTiUyQmNydGtNTnQlMkJwbyUzRA&tld=behindthemarkets.com&dtycbr=80531

Request Chain 95

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397596.gif?partner_uid=g7SX5y9GJB_q4EJ8S_WUzmiEbYeYuIbj

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay0zYWlzbXRFVWU5bHBLWnV0ZWViVmNIMGxKY2hrUTNxLUR1NldxZw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay0zYWlzbXRFVWU5bHBLWnV0ZWViVmNIMGxKY2hrUTNxLUR1NldxZw&google_tc= HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Request Chain 97

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&custom=&tag_format=img&tag_action=sync&custom=&cb=887d04de-ffca-47db-8977-f3fa412d443b HTTP 302
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=887d04de-ffca-47db-8977-f3fa412d443b&final=true&reqid=b06df700-69b0-11ec-a021-f92b1516b17b&timestamp=2021-12-30T20%3A40%3A13.680Z

Request Chain 98

https://cm.mgid.com/m?cdsp=617660&c=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg HTTP 307
https://cm.mgid.com/m?c=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&cdsp=617660&sct=1

Request Chain 101

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-GDt_FtEUe9lpKZuteebVcH0lJcj8m7ecURh6lw HTTP 302
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-GDt_FtEUe9lpKZuteebVcH0lJcj8m7ecURh6lw&verify=true

Request Chain 105

https://secure.adnxs.com/setuid?entity=52&code=k-zXdHSNEUe9lpKZuteebVcH0lJcgUVS6ZEl6UjQ&seg=95287 HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-zXdHSNEUe9lpKZuteebVcH0lJcgUVS6ZEl6UjQ%26seg%3D95287

Request Chain 107

https://eb2.3lift.com/xuid?mid=2711&xuid=k-9iuqv9EUe9lpKZuteebVcH0lJcizDD_z1pDt1A&dongle=013b HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-9iuqv9EUe9lpKZuteebVcH0lJcizDD_z1pDt1A&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

Request Chain 109

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Yy5reNEUe9lpKZuteebVcH0lJchzo8Ustd101g HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Yy5reNEUe9lpKZuteebVcH0lJchzo8Ustd101g&C=1

Request Chain 111

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-0ErZKdEUe9lpKZuteebVcH0lJciEHVt5IsYTLA&expires=30&user_group=5 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-0ErZKdEUe9lpKZuteebVcH0lJciEHVt5IsYTLA&expires=30&user_group=5

Request Chain 117

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-RTkYTNEUe9lpKZuteebVcH0lJcivK7sbOjED9Q HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-RTkYTNEUe9lpKZuteebVcH0lJcivK7sbOjED9Q

Request Chain 118

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA HTTP 303
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA&_li_chk=true&previous_uuid=63a1862123904c878991c058a442787d HTTP 303
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA

Request Chain 120

https://pixel.advertising.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1&apid=UPb0832d11-69b0-11ec-9fa7-02c56a2956ca

Request Chain 122

https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k--1n5L9EUe9lpKZuteebVcH0lJciF4Gt_aHmv6A&redirectId=69 HTTP 302
https://cdn.stickyadstv.com/one-shot/empty.gif

Request Chain 123

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/ttdbDd0E79MVPLgt671NCDjIMGuIgskP/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3704580831206958240

Request Chain 124

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7463700316977324748

141 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
go.behindthemarkets.com/btm-5g-arrow-sandia/
Redirect Chain

https://links.email.theempiretrading.com/u/click?_t=10b77c569a1c4cff95bb1b98f9754a3f&_m=7772a2bcbf9940da95be96cc7538aac2&_e=hFqOz3hlA9jywydGTG9DMG8-VUcMOcT1Ktm0uWhRxr4QNa6Z2rRqTmswxc9km5VHZPExplB0b...
https://www.linkerclick.com/btmsal/rudyclaude4@gmail.com/theempiretrading.com/B/BTSL8
https://www.clkmg.com/DaveMoneyBreacker/btmsal/rudyclaude4@gmail.com/theempiretrading.com/B/BTSL8
https://www.behindthemarkets-btm.com/4P7M9M/55M6S/?sub1=rudyclaude4@gmail.com&sub2=theempiretrading.com&sub3=B&sub4=BTSL8&sub5=
https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82

301 KB
49 KB

480ms
217ms

Document
text/html

35.202.21.90
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.202.21.90 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

90.21.202.35.bc.googleusercontent.com

Software

Leadpages /

Resource Hash

cfe7eb3baa9ab46d35285d0521588375c6965b266c01ca227427b06446ee657e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Mon, 27 Dec 2021 16:05:10 GMT
etag: W/"4e7f8474e960f24096ff36ca5179afe0"
x-cache: MISS, HIT
cache-control: no-cache
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br

Redirect headers

date: Thu, 30 Dec 2021 20:40:11 GMT
content-type: text/html; charset=utf-8
location: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
vary: Origin
x-eflow-request-id: 51308aa3-dc4c-4e53-a878-0035d5d9f29f
via: 1.1 google
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DuYlbjeB45sOQe53xigz27oRTPm5HBQXkAa2kIKMvU%2FzbRIhdxiZEie%2FbF%2F0gg%2BokQwDCQnNUZIZLgGQW6Qtup%2FgQarXSwg3V32vLuXLP5dwr9ThmaM9T6pafXybag371AL7u1RE%2B3qIWlDIMNpxYACKBubfG28NM8H2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6c5e14f05a78e8f3-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 all.min.css
static.leadpages.net/fonts/font-awesome/5.14.0/css/ 58 KB
14 KB 37ms
9ms Stylesheet
text/css 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 02:52:57 GMT
content-encoding: gzip
server: Google Frontend
age: 1187235
etag: "uPB0kA"
content-type: text/css
access-control-allow-origin: *
x-cloud-trace-context: 1469a40fe547c8bfbbfa6e65a409cc30
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 14628
via: 1.1 google
expires: Sat, 17 Dec 2022 02:52:57 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 41ms
17ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:300,400,500,700

Requested by

Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1b0a8b83386af99b99eeeea1f50deddabbbc2a70d324c7ed466fc4399d31e3b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 20:33:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 20:40:12 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 20:40:12 GMT

GET
H2 200 everflow.js Show response
www.behind-the-markets.com/scripts/sdk/ 58 KB
18 KB 157ms
110ms Script
text/javascript 34.120.142.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behind-the-markets.com/scripts/sdk/everflow.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.142.1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 1.142.120.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: 96c43a2f-a337-4e2e-a426-4f6acc91d133
alt-svc: clear

GET
H2 200 AQ5VUH0Nj14Mgaeh1JQWi7IerYk_Qp25RCGdYpoSG3G65ryIg9qYk1-B59c270Q4CLJd4bexRVFR7E1Dag4g=s0
lh3.googleusercontent.com/ 45 KB
46 KB 33ms
9ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/AQ5VUH0Nj14Mgaeh1JQWi7IerYk_Qp25RCGdYpoSG3G65ryIg9qYk1-B59c270Q4CLJd4bexRVFR7E1Dag4g=s0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7bd10dcd45b27f8c416e2963cbec082c8beb2b653a0002d67bf0857b2db95c9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:02 GMT
x-content-type-options: nosniff
age: 13390
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46568
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w16
lh3.googleusercontent.com/ 988 B
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ba398c4073f3dde850f04637918764494bad50499536ad1781113c66ec325eae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:02 GMT
x-content-type-options: nosniff
age: 13390
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 988
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:51 GMT

GET
H2 200 vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w16
lh3.googleusercontent.com/ 3 KB
4 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f962a0a8539cb44fb06a4494ffc65fa38369085603acf1a4b96adb8fb164e0d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:02 GMT
x-content-type-options: nosniff
age: 13390
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3560
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 TYG-SIkPivIE5orrrQrIgOtWIrd8L7hXmRVfJmUGMzWvkFEK8SJ843iruoRXWwSOKm9PTjBNWclEGepvwB1m=w16
lh3.googleusercontent.com/ 3 KB
4 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/TYG-SIkPivIE5orrrQrIgOtWIrd8L7hXmRVfJmUGMzWvkFEK8SJ843iruoRXWwSOKm9PTjBNWclEGepvwB1m=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b3fdac93d880353fc983f82b9ed6fa62e54d755e05c1ee51020d98e95e35cb1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3563
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 6myFPUmx_vo2b82wPBofB04jE0A4gUoQ-2fFegRtVv--YqAD5NK5VSEJMIzKJHUV2Co96Fzc2zm7SxWs6WS1eXo=w16
lh3.googleusercontent.com/ 371 B
396 B 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/6myFPUmx_vo2b82wPBofB04jE0A4gUoQ-2fFegRtVv--YqAD5NK5VSEJMIzKJHUV2Co96Fzc2zm7SxWs6WS1eXo=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f99dac30c7093e8b1c2689aef392938701193512f32b6a919249821c6ba5a353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 371
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:51 GMT

GET
H3 200 nY0taz2--WWs6OFQDTSywKwMQ6DSZgLRZyH-x1oSMA81PwJQeNsr4p6WuxhL-TJM7iD7alDVt1larTI6sKUB7Q=w16
lh3.googleusercontent.com/ 4 KB
4 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/nY0taz2--WWs6OFQDTSywKwMQ6DSZgLRZyH-x1oSMA81PwJQeNsr4p6WuxhL-TJM7iD7alDVt1larTI6sKUB7Q=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

96ad5f56a00803d62c47a3d21d9017916e470ab35935361f0f822af42d559d62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3598
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0
lh3.googleusercontent.com/ 26 KB
26 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PyuiAcJjDOAwY-Gf3RK4alIBQMlJze68clTwJQuigHj7hqAj4YxOm6ge5P8b7hZVavNgwTkqhzah7RVCamu0W8xKy8k7rQQeGQ=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26391
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 21:09:39 GMT

GET
H3 200 _x-gHJ-aGYkeRc1NWopMbRlCWSQGhtjX4HGUpZu9ytTeHF1njf4pswrGxQpUmFdsYU_G8lUCoNvDBIQmiVlPNcc=w16
lh3.googleusercontent.com/ 4 KB
4 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/_x-gHJ-aGYkeRc1NWopMbRlCWSQGhtjX4HGUpZu9ytTeHF1njf4pswrGxQpUmFdsYU_G8lUCoNvDBIQmiVlPNcc=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

73c42500e4af90ca921ec406fd0cb6af6a43fe78d1eda3de7d655aa215565a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3594
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 e61vc2JIp4aDz2gLNZyUwUYw8MnRuJCZJVA4wAXQU0yyDdI7x5LIulZihIch2VM6h5Lju7t_YUb9m8HyBTr4dg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e61vc2JIp4aDz2gLNZyUwUYw8MnRuJCZJVA4wAXQU0yyDdI7x5LIulZihIch2VM6h5Lju7t_YUb9m8HyBTr4dg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e17f0091bbce5eb0f3a8b1dd678af32261ad748c55714bb69cafa60c0be90489

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:48 GMT

GET
H3 200 8Gnfn0msMSt74DBVKaEf6nfEaikytFY4aY6Eyq_CbaVEvIpCTZiWhm4VJ_VcoFkQ3vr5I9nf83QW5yPVwyPkXg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/8Gnfn0msMSt74DBVKaEf6nfEaikytFY4aY6Eyq_CbaVEvIpCTZiWhm4VJ_VcoFkQ3vr5I9nf83QW5yPVwyPkXg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7ddf07e39d31b21a32b5a04ed372affc2622e4cb8faa706f17bb91178c3e2d76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3596
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 O7WsSQohc9dtDn5dYay1RhrvymCogFg7Tp8VmR7adUk9M-nHdHIr4NO2oZ0inQ4CUoUVWEl2aUadPa_9F3l28A=w16
lh3.googleusercontent.com/ 4 KB
4 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/O7WsSQohc9dtDn5dYay1RhrvymCogFg7Tp8VmR7adUk9M-nHdHIr4NO2oZ0inQ4CUoUVWEl2aUadPa_9F3l28A=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e99b1332226c6486a8a20ed70dabcb018e623a70cca29e202a48d653a486161c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 fyRqwcDnIibGy3o7IqvRbsTOLREQrtdPL3l3jepDEXw7wgcxDUl36Y1TOwtQmuyPROeiDvqrZRSJnVWd0fRa=w16
lh3.googleusercontent.com/ 1 KB
1 KB 11ms
11ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/fyRqwcDnIibGy3o7IqvRbsTOLREQrtdPL3l3jepDEXw7wgcxDUl36Y1TOwtQmuyPROeiDvqrZRSJnVWd0fRa=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

75a75114a3326f64b66896b4e47f2ebe985c53caab85e17814eaa17ed216005a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1024
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 BjDwHsLmymS2nVWzOsmC-qqAJizm0t7WYi__LBNYx8y0X920MgB2Xek0yTPaFj8AOKYwvU3tKRIUkB-st55uXg=s0
lh3.googleusercontent.com/ 43 KB
43 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/BjDwHsLmymS2nVWzOsmC-qqAJizm0t7WYi__LBNYx8y0X920MgB2Xek0yTPaFj8AOKYwvU3tKRIUkB-st55uXg=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

132ff663ec567f9ae205298aaf3d6d16048f20750616d8b3ea174fdc4cb3ff0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:03 GMT
x-content-type-options: nosniff
age: 13389
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43586
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 NgXG61t76q3vKpGkhuO3Ty72J8rvFyvSRG47iSXVPrUHCcgJhf55_ACxz5jAWP8vQjPdrFvGjGWjMHIH8SrO=w16
lh3.googleusercontent.com/ 4 KB
4 KB 14ms
10ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/NgXG61t76q3vKpGkhuO3Ty72J8rvFyvSRG47iSXVPrUHCcgJhf55_ACxz5jAWP8vQjPdrFvGjGWjMHIH8SrO=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

72b95405e006370e34ac6d7be5f4b185fe0d1058d43b576136d0ac5eddd88562

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 leiJwM0fehZ7GJnjZ3RF4K1wEYqTavDcCW2UwICye682ACJ-uFPSNLw9SBFSofITFP_b-wXkDSWbpBejDhWWdg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 14ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/leiJwM0fehZ7GJnjZ3RF4K1wEYqTavDcCW2UwICye682ACJ-uFPSNLw9SBFSofITFP_b-wXkDSWbpBejDhWWdg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6de05c135e09807c1a50d1e68453a011f56ad6797d38712af1534e9343b89346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3599
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 tekYqT59tex3u7_KW2vKQ7p1NVn76NHX9FXJrSeD6CrEjhkltn3fw9pXFiNdMqjHzCi39qtXxWSnRS-P_u-u=w16
lh3.googleusercontent.com/ 4 KB
4 KB 14ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/tekYqT59tex3u7_KW2vKQ7p1NVn76NHX9FXJrSeD6CrEjhkltn3fw9pXFiNdMqjHzCi39qtXxWSnRS-P_u-u=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fe4a6e0c7220b1a9ce45b621a0e9844db3f75b359050882bcfc3ac2f5bb9ad51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 e3F9X055zl41kZMMX8voWduaoJUNvhyOsAVH9dwhaNY2o0TNuQg5i-ICcJ-oVJEQsnMJB8-zPBDa5YZYhQbOBw=w16
lh3.googleusercontent.com/ 4 KB
4 KB 15ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e3F9X055zl41kZMMX8voWduaoJUNvhyOsAVH9dwhaNY2o0TNuQg5i-ICcJ-oVJEQsnMJB8-zPBDa5YZYhQbOBw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d0a6684633c6ab8da1971668ea1691819ac386ff1fe02a5ce18926028a02b726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3603
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 vtqMDLzgHZOOZVOEr15Ir9n3EzJt5gMaYi4YggOL1nq-WRYMPoHbhAfHOYocHhxXiqgpciYJ_FTJxFnPDmNZKA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 15ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vtqMDLzgHZOOZVOEr15Ir9n3EzJt5gMaYi4YggOL1nq-WRYMPoHbhAfHOYocHhxXiqgpciYJ_FTJxFnPDmNZKA=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ca5e8198626ecded4b40a5e264d6fca7d1b4663db1fdd1032b3755aeb5ccd297

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3600
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 A9m2vigCxUkRSdPxWFO2fx6wQGn0S6H-5Q5RdxEJ1VFyG6FIcmBBtiLsUMNZsZcMHL36jG5rSUUyH8x2p_k-=w16
lh3.googleusercontent.com/ 4 KB
4 KB 15ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/A9m2vigCxUkRSdPxWFO2fx6wQGn0S6H-5Q5RdxEJ1VFyG6FIcmBBtiLsUMNZsZcMHL36jG5rSUUyH8x2p_k-=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2e42ee85db205de7ee6b3e254523c734643431764b9bbc87c058e89cf474c5c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3594
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 MJe7EHJPAO6wgcW3Nsb89tFvZI5pFDmomAy4BoMmsivqJwfMU0Zi6GMsouhfIVlIMXtAlKhxm-7A0eMqQhxm1kQ=w16
lh3.googleusercontent.com/ 4 KB
4 KB 16ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/MJe7EHJPAO6wgcW3Nsb89tFvZI5pFDmomAy4BoMmsivqJwfMU0Zi6GMsouhfIVlIMXtAlKhxm-7A0eMqQhxm1kQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2b89ce6bb6c3037d363dcfa4470f124a6647374c3cce4bdaf0bf07ab001b2464

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 9Ics_1K6PKq9CtKSDHVgud5pwA-8sS-RZjhIis1pVaSYEqkYqzRSqvC08IOdg4pI4R6s6R7egJH8J4rzMHTmf20=w16
lh3.googleusercontent.com/ 4 KB
4 KB 16ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/9Ics_1K6PKq9CtKSDHVgud5pwA-8sS-RZjhIis1pVaSYEqkYqzRSqvC08IOdg4pI4R6s6R7egJH8J4rzMHTmf20=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2c0e68c05ab8a290014b40f848b639d52adb1eeaffebe207124f2174f60f7add

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3597
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 OFff5EAVQQVU2QxAObZB_PDzvjfcrPVXpGvJgTIVUbOgmughp99vBFa9JHg97uL2Kgiwilck3yzyl3a7_KEl2A=w16
lh3.googleusercontent.com/ 3 KB
4 KB 19ms
11ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/OFff5EAVQQVU2QxAObZB_PDzvjfcrPVXpGvJgTIVUbOgmughp99vBFa9JHg97uL2Kgiwilck3yzyl3a7_KEl2A=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5c3a00eb37ad8e96072e58f6dd7ab2e708ce6406b766d71e207d46ee97aa8512

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3561
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 abQAPI6AZOQHN0aR7dfAOCWgC2ydOCtbriJVzo3PDZIm4pEGHOaPcmTPyeVRHNN7qBxuqlpuAkeU7x3_3pa0HjFAf1yVzGh8lHg=s0
lh3.googleusercontent.com/ 28 KB
28 KB 16ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/abQAPI6AZOQHN0aR7dfAOCWgC2ydOCtbriJVzo3PDZIm4pEGHOaPcmTPyeVRHNN7qBxuqlpuAkeU7x3_3pa0HjFAf1yVzGh8lHg=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

55f1deb0d20b8ef2b1b728e9c536647f1895355b61bef28abb41eb6dcec41411

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28253
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 XtEJ2erPL3329e6piL_frCo-mHblFLj1t6iaRboik1yGovshR1yh3oriE4wTnCZYujRZA0M2WuO2kTzNU9q4GuOLd1IgPk_0Pg=s0
lh3.googleusercontent.com/ 20 KB
20 KB 25ms
17ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XtEJ2erPL3329e6piL_frCo-mHblFLj1t6iaRboik1yGovshR1yh3oriE4wTnCZYujRZA0M2WuO2kTzNU9q4GuOLd1IgPk_0Pg=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

79e703e37d0c5dbedbfad7f3f3c9607a616174a1ce152ff230895cd2062e1f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20964
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 NvgCQWni5zDRr3EKaDSN9UiHbYNhMqlulG7-NZWNeqftQGIykcW4Ke_wq8PW0QwomH9_suRnI97yY-ltZLyVScocKnLoPdjeC2o=s0
lh3.googleusercontent.com/ 30 KB
30 KB 22ms
15ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/NvgCQWni5zDRr3EKaDSN9UiHbYNhMqlulG7-NZWNeqftQGIykcW4Ke_wq8PW0QwomH9_suRnI97yY-ltZLyVScocKnLoPdjeC2o=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a8eaf699085189552bba8f5057bcf969e3087d39f7830bd20c31a767f47c4dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:04 GMT
x-content-type-options: nosniff
age: 13388
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30776
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 JSGTkDAlJ4brk4ot67-NKL0HtwrkgMOPcSglhblhJKRpE-FePkqJHgYn50dIJfL-OlyQsw4A5iSHLj85EtLRybGPXxLbPu1PaJc=s0
lh3.googleusercontent.com/ 23 KB
23 KB 23ms
16ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/JSGTkDAlJ4brk4ot67-NKL0HtwrkgMOPcSglhblhJKRpE-FePkqJHgYn50dIJfL-OlyQsw4A5iSHLj85EtLRybGPXxLbPu1PaJc=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

592e4d1835429b83456573242ac88bb14dac49923173813eeaa78537bb7620f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23305
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 A-nZaVZS7eiJsOYD1iA4s72u_0-KUry9T0MxSfFDW-Y1ZnLFYNOZWPha-9RbbbhCcSkIoUq4zRosq2JCXCN9MjU=s0
lh3.googleusercontent.com/ 11 KB
11 KB 25ms
17ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/A-nZaVZS7eiJsOYD1iA4s72u_0-KUry9T0MxSfFDW-Y1ZnLFYNOZWPha-9RbbbhCcSkIoUq4zRosq2JCXCN9MjU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1b54b66edcb0c239350b409ff86ba3195fa5c6455b0251e76d910ba4fc091be1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11370
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 4Ucgojd1zcp6yuO2c_wauKtFgWTowULeUMseH4CrMyondFLM9ja5W1n7Ri43PaIsYCO3tZn9ENQN6NixM7FExjc=w16
lh3.googleusercontent.com/ 470 B
495 B 28ms
21ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/4Ucgojd1zcp6yuO2c_wauKtFgWTowULeUMseH4CrMyondFLM9ja5W1n7Ri43PaIsYCO3tZn9ENQN6NixM7FExjc=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6d5dce43acba1416db19f39d22d8db0dd7dd366ff39b15ca5f1752e8d7ec5d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 2aQfFx7V0PzCB3KbXxSufzBHIvQk3PeN8oFw7f_2QGIaPk5tYEgK4minX5s9PrNyY5YDcK1AlHQ6ofOs3BSgFa8=s0
lh3.googleusercontent.com/ 11 KB
11 KB 30ms
23ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/2aQfFx7V0PzCB3KbXxSufzBHIvQk3PeN8oFw7f_2QGIaPk5tYEgK4minX5s9PrNyY5YDcK1AlHQ6ofOs3BSgFa8=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7d5beae7ebc2c7ce5cb8e194dd48e0229ab6f36e09623713865cceaac4bb4b08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11685
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 PwS1lUC3pTSJsQ9h1n9Odg_T2NC6uOiAnzrk4Vrii1mF8jK-A175kIc7009Hfw1o9PP29SA_GsWGWyshxeEZOg=w16
lh3.googleusercontent.com/ 359 B
384 B 28ms
21ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/PwS1lUC3pTSJsQ9h1n9Odg_T2NC6uOiAnzrk4Vrii1mF8jK-A175kIc7009Hfw1o9PP29SA_GsWGWyshxeEZOg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

53d57168540bb85fb843de9e649053e8fbf95a30d151b5cc30c7e704b7669a69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 359
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:48 GMT

GET
H3 200 Mo0R9Kck1-TrUbpY-BtG8gsXL3gIjG3i38himnwoP62f_0ju1o6CqN-IjmHobFiAgOdjMMx2riIYuVDsm1fytQ=s0
lh3.googleusercontent.com/ 11 KB
11 KB 29ms
21ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Mo0R9Kck1-TrUbpY-BtG8gsXL3gIjG3i38himnwoP62f_0ju1o6CqN-IjmHobFiAgOdjMMx2riIYuVDsm1fytQ=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

96fe92f97fc2c54b47fc3a8b6ab7788ea64be5925bfeb8378cf7753b397a2778

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11700
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 FpuR4uiuKkfBQT_GxFHYR0FlEFmf_u-p4VfuisNGkerYP9DGW0pNWiu0IrHp1SH2rbgNn2Tj2lyl5z84_X3fAw=w16
lh3.googleusercontent.com/ 372 B
397 B 30ms
23ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/FpuR4uiuKkfBQT_GxFHYR0FlEFmf_u-p4VfuisNGkerYP9DGW0pNWiu0IrHp1SH2rbgNn2Tj2lyl5z84_X3fAw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b494764a83e1a3fb8c887deedf8c8a87edf40697e45f21a357fcf61d6a55c5c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 372
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:48 GMT

GET
H3 200 QPG4qMIXZUmQTcJ4D9xgWlLfOBJ2MKL1OO6jkx6_wpV4dGHyQg02zzKQrMc8l2uus8DJQ1Nf55YsRuyeGfBl0Q=w16
lh3.googleusercontent.com/ 4 KB
4 KB 29ms
22ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/QPG4qMIXZUmQTcJ4D9xgWlLfOBJ2MKL1OO6jkx6_wpV4dGHyQg02zzKQrMc8l2uus8DJQ1Nf55YsRuyeGfBl0Q=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c9944716a10b83ea2b631e2fc091a3f4a289cdf835abcaab5b694065808092f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3595
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:48 GMT

GET
H3 200 cCFO7yLkSa-ts_arhdZf_aC1sOLc9hLocIvcxiHbbkrrpveLMWcf9C_H_jAEul0gdsfjzRmfW7Gs2vKgBQhr=w16
lh3.googleusercontent.com/ 4 KB
4 KB 39ms
31ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/cCFO7yLkSa-ts_arhdZf_aC1sOLc9hLocIvcxiHbbkrrpveLMWcf9C_H_jAEul0gdsfjzRmfW7Gs2vKgBQhr=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b7893a230766dd48285139bdfe35565e504f0b3b68cfc856da3dc81db307569a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3590
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 D7z2zipPmglmhTjJwZwKvXJPE-V5Rq132DXiglIwCYAMGbDn_5Rk3nGdchi8DbhhvgV0Xga_xM0HALbQJTsWJg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 36ms
28ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/D7z2zipPmglmhTjJwZwKvXJPE-V5Rq132DXiglIwCYAMGbDn_5Rk3nGdchi8DbhhvgV0Xga_xM0HALbQJTsWJg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

36dc7363f42099049f12e0c5c85c0f016832875021ba68c3d2f83045594ffac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3603
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 vVYmxK2XMUedNe4YRIfjrD_s0BT-rQJSlpuzAkX70jh8ZlmIa6UEsXe9uEj01ByAcEU6BBzoArj1ilGlQaIfNU8=w16
lh3.googleusercontent.com/ 989 B
1020 B 38ms
31ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vVYmxK2XMUedNe4YRIfjrD_s0BT-rQJSlpuzAkX70jh8ZlmIa6UEsXe9uEj01ByAcEU6BBzoArj1ilGlQaIfNU8=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2dcf66df3032042a56e661d5be35ba4f3af5328d29e4698ee8fd0ba4b88cc932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 989
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 j_BOK0pGtIfJaRfyaVlqkJ4pXPlmfovvMhRTqPSiSOzDb7IUlPTD-jr8gbzx59rEn1f9rWVuzi_6mKak7gBIcg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 38ms
30ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/j_BOK0pGtIfJaRfyaVlqkJ4pXPlmfovvMhRTqPSiSOzDb7IUlPTD-jr8gbzx59rEn1f9rWVuzi_6mKak7gBIcg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1e843b8b1f0971ce91d1d7e45e35e23dbb6008cdc3a859f9d42e384cf05650fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3635
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 XxHiFvI9dKr750--158mq_MUk86yNI22Sy6M-6moaf52Sf1OySQYP206ajfjJ7ZU7xthndzwAl_S3u1d_mlifg=w16
lh3.googleusercontent.com/ 4 KB
4 KB 38ms
30ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/XxHiFvI9dKr750--158mq_MUk86yNI22Sy6M-6moaf52Sf1OySQYP206ajfjJ7ZU7xthndzwAl_S3u1d_mlifg=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e689d74f8c13a43ef8a9c23c84db00756e7841b4e5e56267ad7216d8509fabe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3637
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:48 GMT

GET
H3 200 ibR-_UQ2KTi-8-dRq9XizRZ_OHJJAIukkqinGXXBY_dw40KzH8mN7u3xcdVpOz3BfgSGHdbu4k51Dcq8NGvdfw=w16
lh3.googleusercontent.com/ 4 KB
4 KB 36ms
28ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ibR-_UQ2KTi-8-dRq9XizRZ_OHJJAIukkqinGXXBY_dw40KzH8mN7u3xcdVpOz3BfgSGHdbu4k51Dcq8NGvdfw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9ca8a06fa36760ac11757bf1454f1a8dfd50150e294520a91e6864d29f7fde8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:05 GMT
x-content-type-options: nosniff
age: 13387
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3590
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 kl8d1RT9PzBbw8I_a2DAJq5k2hQCCoPa4z_JXEd3ob4F3Y8ZZJnQDHjm-vf1CSpDz8GGu3KjjTGBrXoDDmR-tA=w16
lh3.googleusercontent.com/ 4 KB
4 KB 36ms
29ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/kl8d1RT9PzBbw8I_a2DAJq5k2hQCCoPa4z_JXEd3ob4F3Y8ZZJnQDHjm-vf1CSpDz8GGu3KjjTGBrXoDDmR-tA=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b860877347b5fb701c185e3040e04fecca7506822e712f1a8074554ef513925d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3633
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 KNxVkBE3HuxDJCQRRN0d5xhxT1HvdQWWdDnL6V__s4PKXbWyzHa-vjT3YJ3ffPEhr4BFVPT_jFY-vwJ911Pvgg=s0
lh3.googleusercontent.com/ 40 KB
40 KB 32ms
24ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/KNxVkBE3HuxDJCQRRN0d5xhxT1HvdQWWdDnL6V__s4PKXbWyzHa-vjT3YJ3ffPEhr4BFVPT_jFY-vwJ911Pvgg=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

94052c1920fe8b6b2e791f362c8a4247e50f0abcab5e61225d3f3a2414c73a43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40953
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 xcKH-psfmH3qKpC_YGzD-RPgBOp44oRUHeUCTLvbu5SPEQgqSHJe30QmAiO1S89OPrP3HazPzNmXkx08sYax=w16
lh3.googleusercontent.com/ 3 KB
4 KB 36ms
28ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/xcKH-psfmH3qKpC_YGzD-RPgBOp44oRUHeUCTLvbu5SPEQgqSHJe30QmAiO1S89OPrP3HazPzNmXkx08sYax=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3705afa2ba67e76379c851b704bb0db8ed87656a819209c28b63d2321343fcd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3558
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H3 200 jFaEUoP8X9vaRZw6RGfJQkvUEoyN77j7jL1a2A3D7fDmi2T1hVfFiosQx1fVTMbE11R78C2crAdZN4U6jb2qpw=w16
lh3.googleusercontent.com/ 609 B
634 B 34ms
26ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/jFaEUoP8X9vaRZw6RGfJQkvUEoyN77j7jL1a2A3D7fDmi2T1hVfFiosQx1fVTMbE11R78C2crAdZN4U6jb2qpw=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

64369b56b87a6a6a37ce6c800d296e77b379c49fff9cb2a556c5f8ad3ccb4b36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 609
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 elbvmbwpfj9i1ySvIdthV664QtJNM-G-UCu-3dvhJWkwIH6Uk9jTHUmHcFymUPuRYw8IJ_5JK7VzfDGUtVIC=w16
lh3.googleusercontent.com/ 3 KB
4 KB 36ms
29ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/elbvmbwpfj9i1ySvIdthV664QtJNM-G-UCu-3dvhJWkwIH6Uk9jTHUmHcFymUPuRYw8IJ_5JK7VzfDGUtVIC=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fdeca2cfc516555aacf01d48f855898eaddc3467cbb92d8b8e30e91a61a3e409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3565
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 IefkQHAicGwTOCYg6VK3TQ6XWkKQJ_p70pZapTxpg24fxFMlOgigjkKOrxOisX-416NhZm87f4g8VdXFlfSgaQ=w16
lh3.googleusercontent.com/ 4 KB
4 KB 34ms
27ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/IefkQHAicGwTOCYg6VK3TQ6XWkKQJ_p70pZapTxpg24fxFMlOgigjkKOrxOisX-416NhZm87f4g8VdXFlfSgaQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

908362cc3d83780a006474ebea417be9ff9e9f92175e4295c990747e211507d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3759
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 27 Dec 2021 11:16:46 GMT

GET
H2 200 center.js Show response
js.center.io/ 12 KB
5 KB 77ms
16ms Script
application/javascript 2a00:1450:4001:831::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/center.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:35:41 GMT
content-encoding: gzip
server: Google Frontend
age: 271
etag: "OMWYXg"
content-type: application/javascript
x-cloud-trace-context: f38e93c8be9344ec31aefd75914ac82a
cache-control: public, max-age=300
content-length: 5417
expires: Thu, 30 Dec 2021 20:40:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 151 KB
51 KB 66ms
25ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b093c261affa5d45611d1077d820f6172533ac8e8d69997da830e18ac0ed1a46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51608
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Dec 2021 20:40:12 GMT

GET
H3 200 hhvF0o8vq1JU8Su47GsC5kYltqwZopzco6fj8KYORAgpWwoAG_g1_T7C48ffpWXbrKQZ4E4DJNDLdCqyljY-=w16
lh3.googleusercontent.com/ 1001 B
1 KB 34ms
27ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/hhvF0o8vq1JU8Su47GsC5kYltqwZopzco6fj8KYORAgpWwoAG_g1_T7C48ffpWXbrKQZ4E4DJNDLdCqyljY-=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

38ce40f41757c9b666dbd3594af6fb2a4910f7521da1d65e697af42e6cdad7d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1001
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:48 GMT

GET
H3 200 uHBZZEw-Dy6jrRw8PLd2KK4ileLESptFfgRyi_eWfQSJO7O5awMFsWXdZDXBbzJFjnIdD_-KtmJytRYsFDXCc5Q=w16
lh3.googleusercontent.com/ 992 B
1017 B 30ms
23ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/uHBZZEw-Dy6jrRw8PLd2KK4ileLESptFfgRyi_eWfQSJO7O5awMFsWXdZDXBbzJFjnIdD_-KtmJytRYsFDXCc5Q=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cdf6aa48e94cc037d933692c5de29571fe81e66b73a9cc57f82614dcd25806a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 992
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 HDRZ7c0fpyrR3bPB7JuIhUELHJefeLGMFgyW2C8gvyJbxP-7kNCkwm_t9dj6walSbl6mVxQG-Rl7AnG6oM2e=w16
lh3.googleusercontent.com/ 1003 B
1 KB 33ms
26ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/HDRZ7c0fpyrR3bPB7JuIhUELHJefeLGMFgyW2C8gvyJbxP-7kNCkwm_t9dj6walSbl6mVxQG-Rl7AnG6oM2e=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c99e1eaa85d260995d9712261a68944fbf1501210fc0b72fd69286218c58a39e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1003
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 22 Dec 2021 18:45:24 GMT

GET
H3 200 69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16
lh3.googleusercontent.com/ 402 B
427 B 33ms
26ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/69sR3zl7OQXHha5zISOT9Qs_uPsC2eWA24Uz9jHOlC0EQ7m2eXpdFA16yOsiJi4VUouyBI5hnOAkNv6I336wk0ZjxlYKzsv0AQ=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 24 Dec 2021 11:07:26 GMT

GET
H3 200 ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0
lh3.googleusercontent.com/ 22 KB
22 KB 31ms
24ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ywepIvZWgcttUdC8IQpQqjtwTb4Xsin1ylNVOVfr8PFIslp83xYxlJQ0wu9l2xNq8m9ls_9oP4IbdNABkeG4_hltjwBeDAZ2vlU=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:35:17 GMT
x-content-type-options: nosniff
age: 295
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22076
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 12 Dec 2021 05:30:51 GMT

GET
H3 200 e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16
lh3.googleusercontent.com/ 402 B
427 B 32ms
25ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/e-cxxgIJnJYF5UUFPHCqxuUprD6vZN1q1-4dG1G2n84yArjC-kQnnCHfiQhmXAF0pI4Gfbo_kDBAVyYgMk06qvdi5MWrFIiwwF8=w16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:08 GMT
x-content-type-options: nosniff
age: 4
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 402
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 17 Nov 2021 22:11:20 GMT

GET
H3 200 ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0
lh3.googleusercontent.com/ 39 KB
39 KB 28ms
21ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/ZPiXT_syxe3P562Qx0SCYAlvVY6OlKnTOzMWR7E97WpuNu8ec68AMttCQCBOW3d_qtq5wmnwzckoMhSbrpC6nT9LkEXXNfxEx3I=s0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:08 GMT
x-content-type-options: nosniff
age: 4
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39437
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 18:01:43 GMT

GET
H2 200 embed.js Show response
embed.lpcontent.net/leadboxes/current/ 42 KB
15 KB 47ms
8ms Script
application/javascript 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:35:23 GMT
content-encoding: gzip
server: Google Frontend
age: 289
etag: "uPB0kA"
content-type: application/javascript
access-control-allow-origin: *
x-cloud-trace-context: a8f7ab52a47b9ce84c3af190b807a07b
cache-control: public, max-age=300
alt-svc: clear
content-length: 14811
via: 1.1 google
expires: Thu, 30 Dec 2021 20:40:23 GMT

GET
H3 200 iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=s16
lh3.googleusercontent.com/ 406 B
436 B 29ms
27ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=s16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

48e6569cf06d8b950da3926d80fe1528f7ebaf32cd060d43ee3d79a722cb5387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 16:57:06 GMT
x-content-type-options: nosniff
age: 13386
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 406
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:48 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v40/ 31 KB
32 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v40/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 03:21:25 GMT
x-content-type-options: nosniff
age: 148727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31624
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:16:38 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Dec 2022 03:21:25 GMT

GET
H2 200 fa-solid-900.woff2
static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/ 78 KB
79 KB 27ms
8ms Font
font/woff2 34.107.203.240
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by: Host: static.leadpages.net
URL: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 240.203.107.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658

Request headers

Referer: https://static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sun, 12 Dec 2021 04:34:18 GMT
via: 1.1 google
server: Google Frontend
age: 1613154
etag: "uPB0kA"
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: bdf5dbd8dabb5033323b201cf1000d97
cache-control: public, max-age=31536000
alt-svc: clear
content-length: 80148
expires: Mon, 12 Dec 2022 04:34:18 GMT

GET
H3 200 yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w470
lh3.googleusercontent.com/ 123 KB
123 KB 9ms
9ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/yOJm_1ADzLe0AP2tlMvRVmjvDvM4wuDBpf_D2GXgbrW1LjjlVfWT2a4bPWUBlmt6Op-h_UYvBregPOnqv7qbkezGchYraY5fqEY=w470

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d6c652b770391aba1eb4c71ad06b1b858ee1f8d13152aef29cab9cd2f4e3c2b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:09 GMT
x-content-type-options: nosniff
age: 3
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126204
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 30 Dec 2021 19:23:57 GMT

GET
H3 200 vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w696
lh3.googleusercontent.com/ 44 KB
44 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/vJLWFRfsRIbtTQe5ow6pPnxzogPou4F7w1zGmiCK5FUmc5RgMeDgt4K9Qdu8JhfN-FxJsqTDhYGJWoptSUSjOauZ1fcMgpl4Djw=w696

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

255f497324a8823e617af3b9135771124c5a124b3d2d77ddae68e9b6a780d049

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:09 GMT
x-content-type-options: nosniff
age: 3
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44913
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 31 Dec 2021 20:40:09 GMT

GET
H3 200 iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=w1600
lh3.googleusercontent.com/ 149 KB
149 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/iS2ge-KgqHQ8_ZvAsS2DQpcNU1Izc--5dzCcuRMuTrmH0FPjtF8clVexp-l-2L5laaJqcoBCHSl8l3e7zYGKEQ=w1600

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7b93501d3965ccc6d249f71312e04eebbab373bf305e1af92c2c668dd6eb3bdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:09 GMT
x-content-type-options: nosniff
age: 3
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 152335
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 31 Dec 2021 20:40:09 GMT

GET
H2 200 identify.html Show response
js.center.io/ Frame 7347 4 KB
2 KB 17ms
16ms Document
text/html 2a00:1450:4001:831::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.center.io/identify.html
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/

Response headers

date: Thu, 30 Dec 2021 20:35:20 GMT
expires: Thu, 30 Dec 2021 20:40:20 GMT
etag: "OMWYXg"
x-cloud-trace-context: d223b9e3c0dc2b53af28ea651102d15f
content-type: text/html
content-encoding: gzip
server: Google Frontend
content-length: 2016
age: 292
cache-control: public, max-age=300

GET
H3 200 everflow.js Show response
www.behindthemarkets-btm.com/scripts/sdk/ 58 KB
19 KB 97ms
60ms Script
text/javascript 2606:4700:3032::ac43:d48e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:d48e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2037
cf-ray: 6c5e14f82c73374f-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 30 Dec 2021 20:06:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0oE3DoY78eR2hlXX6QOfH9plb89j%2B91aP%2F%2B96XZwH%2FuS3GGVmD1dFEhVH1obexnq1LnHdoVE0QqCxIxjWo02AIfLkK%2FsJIajQHZKK6B5vaguPob0sw3yp0cHIaMg5r%2BJdBiwNoio4rIQXJb%2FP4Ec83e9dvB2itN%2F4QhH"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
x-eflow-request-id: 6c9b36fb-a6ef-43ed-8387-5aca0fdf9320

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 25ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: 2MSsz0piVSeAZFZfqCdqPmlsKsWfIsswaqrEnK0H0gymhWnqGR1wDSxWHXTpoVsJMcupC8ki+Du+QyfCssVieQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 30 Dec 2021 20:40:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ld.js Show response
static.criteo.com/js/ld/ 40 KB
13 KB 75ms
22ms Script
text/javascript 178.250.2.130
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.com/js/ld/ld.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

4758ffc00e2d3413aece1a57fc3e89b9709202312386d57eb74b5c198cf6800e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: gzip
last-modified: Tue, 14 Dec 2021 12:51:58 GMT
server: nginx
etag: W/"61b8936e-9faf"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 31 Dec 2021 20:40:12 GMT

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 62ms
16ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 6V04VEP09M3V7PCM
cdn-cachedat: 12/27/2021 13:08:35
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: LD9d8nA+10ZcDA41fXBnusNwbVsqtA5GvLE13ZX0//7Jsd+r/kTyz08r/oetE3yQMFnMJUSaNes=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 18:00:01 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=600
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: d764ac0f77f82cd0fd50eba53de9b974
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 7 KB
3 KB 43ms
19ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dde825a230bff46319e157e995c84bc72%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Drudyclaude4%2540gmail.com%26iocid%3D%26aff%3D82&f=1&r=0.6738761783446139
Requested by: Host: go.behindthemarkets.com
URL: https://go.behindthemarkets.com/btm-5g-arrow-sandia/?_ef_transaction_id=de825a230bff46319e157e995c84bc72&utm_source=82&utm_campaign=&utm_medium=&id=rudyclaude4%40gmail.com&iocid=&aff=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: c38991b1a84a3d1f232b320e4d69d964b9e70ae8b7abe2534168a20d13e8c5a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 20:40:12 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/events/ 35 B
684 B 353ms
121ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=hZGr8CiB4GvxgUHU6eUyhA&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=zNbwg8FDLprpchRr5TyRFd&sid=vzCTwMi9foFb3yJU8oQQ9u&cid=lp-hZGr8CiB4GvxgUHU6eUyhA&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dde825a230bff46319e157e995c84bc72%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Drudyclaude4%2540gmail.com%26iocid%3D%26aff%3D82&rf=&rx=1600&ry=1200&tz=%2B00%3A00
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:13 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 194.36.108.18
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 01rc3k66sktib3t3153g

GET
H3 200 3070500746422546 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 17ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/3070500746422546?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f01d328da36d9b4e49aeb374f891ecf7607b9b8e070b8cd1d903f85ef737505c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88828
x-xss-protection: 0
pragma: public
x-fb-debug: ODdSz80BW1ne6mRut7WAh051NxS/QuuiE795FUWqwJBR5MSBb4EwombKiK2OSbyv+9GkzRkZ1Ahz5I9VxO92bw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 30 Dec 2021 20:40:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 tag-7fff30539c67268d3314160ced0f55eb.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ 165 KB
47 KB 39ms
30ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-7fff30539c67268d3314160ced0f55eb.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=601261&u=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dde825a230bff46319e157e995c84bc72%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Drudyclaude4%2540gmail.com%26iocid%3D%26aff%3D82&f=1&r=0.6738761783446139
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: c738284f75e3341a9c6d926d8339175cde993cde6cdf7f02ec040c8fb109ac4a

Request headers

Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: br
last-modified: Thu, 23 Dec 2021 11:49:00 GMT
server: gfra1
etag: "61c4622c-baa7"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47783
via: 1.1 google

GET
H3 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 102ms
94ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=601261&d=go.behindthemarkets.com&u=D3B444C3B706AE55580F2B9C38BE54B81&h=fde46dd3b492788577f7d620c4ea9ccb&t=false&r=0.5455298718391353

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:12 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 17ms
15ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: VCA1R2SZ4AWX0CTB
cdn-cachedat: 12/27/2021 13:11:05
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: N5LBiQCmx8INUmh5vdqUvePSAVCk04hbGdF2qHFAG55v10/okwGZRElvAdTsY+0nfPBXhILm+ng=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:40 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: d9e7f9c120647c4f80d752189a1b9b98
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 25ms
23ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: KEF06V07KQC2F98P
cdn-cachedat: 12/27/2021 12:57:02
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: obBXz3NI+1lqoBohXjDcXOB+eq7MgUirNEE1ZVj6gUxdX/qkMBTzp0dtxgvZc9BTtR0lmkekRbU=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:40 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: a898f3924cc2d3a3febbc36c87f881ea
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 25ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=PageView&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dde825a230bff46319e157e995c84bc72%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Drudyclaude4%2540gmail.com%26iocid%3D%26aff%3D82&rl=&if=false&ts=1640896812873&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1640896812872.252513584&it=1640896812822&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 30 Dec 2021 20:40:12 GMT

GET
H3 200 tag-473093ac15f1194dc11f42c560a2a3d4.js Show response
dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/ 99 KB
26 KB 8ms
8ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/tag-473093ac15f1194dc11f42c560a2a3d4.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-7fff30539c67268d3314160ced0f55eb.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 4e0633d424a3fa75224915e45b812ff3461bebe976a8029835de054e4cb75c9f

Request headers

Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: br
last-modified: Thu, 23 Dec 2021 11:49:00 GMT
server: gfra1
etag: "61c4622c-65e5"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26085
via: 1.1 google

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 1 KB
771 B 13ms
12ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=601261&settings_type=1&vn=7.0&r=0.725636345948651&exc=2|3
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-7fff30539c67268d3314160ced0f55eb.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: a4390b6b85f4380e41e726b280b27c3de735ed8047fb72dbb3861b7ae23de047

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
via: 1.1 google
server: gfra1
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3918
date: Thu, 30 Dec 2021 19:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 30 Dec 2021 21:34:54 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 6F5A 9 KB
4 KB 55ms
18ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag

Requested by

Host: static.criteo.com
URL: https://static.criteo.com/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

133be2ab152b1c9f408e9a597430361539cf3b8255a0a92f8a8a8a885e079702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2732
date: Thu, 30 Dec 2021 20:40:12 GMT
content-length: 4161
strict-transport-security: max-age=31536000; preload;

GET
H3 200 worker-70faafffa0475802f5ee03ca5ff74179.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 47 KB
13 KB 8ms
8ms XHR
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-7fff30539c67268d3314160ced0f55eb.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: br
last-modified: Thu, 23 Dec 2021 11:48:59 GMT
server: gfra1
etag: "61c4622b-351f"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13599
via: 1.1 google

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 30ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=835022010&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dde825a230bff46319e157e995c84bc72%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Drudyclaude4%2540gmail.com%26iocid%3D%26aff%3D82&ul=en-us&de=UTF-8&dt=World%20War%205G&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1133387689&gjid=1079071844&cid=1113465825.1640896813&tid=UA-102395123-1&_gid=788113306.1640896813&_r=1&gtm=2wgc10WNRH3TX&cd1=82&cd2=de825a230bff46319e157e995c84bc72&z=840034642

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 6F5A
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=behindthemarkets.com&sn=ChromeSyncframe&so=0&topUrl=go.behindthemarkets.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=2guYNHx6U0pMYUtJNzNTbmdva0pycElBcE04bFRkNytQa0hycEZORE5OTzFkczZTOUZYektDekJ1VHFvS1Z2bmdXUkJiekFuMTNVRFo3NlhuenhyeHdmb3E5ZUQzbTVXNGI2ZzFxRkcwaVRONGNDY2s5M3oxSTEzcnhSdE...

473 B
661 B

65ms
25ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=2guYNHx6U0pMYUtJNzNTbmdva0pycElBcE04bFRkNytQa0hycEZORE5OTzFkczZTOUZYektDekJ1VHFvS1Z2bmdXUkJiekFuMTNVRFo3NlhuenhyeHdmb3E5ZUQzbTVXNGI2ZzFxRkcwaVRONGNDY2s5M3oxSTEzcnhSdEE5ZWV4TTA4bStsSWpNSGlVY0tWTEg3aEhXYUl4TWlpN0ZpNERjLzhpQlBFTFhMRG5rL0xQNWNDbG1xcWwwL0xOb0NnV3hZalpyMit2UjBLOVdjYzZXS0xyenNLRXVrNVJFRjhWK1FHa3VjMnAzVm0ybWRHRWcrOEdNaWYxclJ5TERTZVRublhGMmFIOERaaU1md0N1NTBYWWRYQVNWclNWMDg5dzJIWWlibVpBZ0NFbE0wTT18&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

716cf2dcc6d58e352b1d85418884bcde8cdf2742aaa77d46da4486bb13dee081

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:12 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4162
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:12 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=2guYNHx6U0pMYUtJNzNTbmdva0pycElBcE04bFRkNytQa0hycEZORE5OTzFkczZTOUZYektDekJ1VHFvS1Z2bmdXUkJiekFuMTNVRFo3NlhuenhyeHdmb3E5ZUQzbTVXNGI2ZzFxRkcwaVRONGNDY2s5M3oxSTEzcnhSdEE5ZWV4TTA4bStsSWpNSGlVY0tWTEg3aEhXYUl4TWlpN0ZpNERjLzhpQlBFTFhMRG5rL0xQNWNDbG1xcWwwL0xOb0NnV3hZalpyMit2UjBLOVdjYzZXS0xyenNLRXVrNVJFRjhWK1FHa3VjMnAzVm0ybWRHRWcrOEdNaWYxclJ5TERTZVRublhGMmFIOERaaU1md0N1NTBYWWRYQVNWclNWMDg5dzJIWWlibVpBZ0NFbE0wTT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2082
content-length: 567
expires: 0

POST
H2 200 / Show response
sumo.com/api/load/ 875 B
1 KB 500ms
163ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

5dfee92eee9c1b99cfdb01ba3e96fed999c8170236011abac2adf036ddf8eee7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 875

GET
H/1.1 200
OK capture
api.leadpages.io/analytics/v1/observations/ 35 B
355 B 252ms
115ms Image
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=23,239,217,480,107,484,809,810,1303,1308
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:13 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 194.36.108.18
Content-Type: image/gif
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
Connection: keep-alive
x-request-id: 01rc3k75prcmg0bdnmk0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 61ms
20ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-102395123-1&cid=1113465825.1640896813&jid=1133387689&gjid=1079071844&_gid=788113306.1640896813&_u=YEBAAEAAAAAAAC~&z=1797839057

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 30 Dec 2021 20:40:13 GMT
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 55ms
31ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=1113465825.1640896813&jid=1133387689&_u=YEBAAEAAAAAAAC~&z=80988767

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 56ms
32ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-102395123-1&cid=1113465825.1640896813&jid=1133387689&_u=YEBAAEAAAAAAAC~&z=80988767

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

event Show response
widget.us.criteo.com/
Redirect Chain

https://sslwidget.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=2euvcl9nVVZkZWgyJTJGRjh5djlkUyUyRlN...
https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=2euvcl9nVVZkZWgyJTJGRjh5djlkUyUyRlN...

7 KB
8 KB

345ms
147ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=2euvcl9nVVZkZWgyJTJGRjh5djlkUyUyRlN3QkdGQkRxa3MySVdOaDRBOGk4VnRNZnYlMkYzMFJ0eHlFVWJVJTJCaEl4ekpxdVU5bHYwMUpuYWZlWHU0ZW9heTIxVFRqY1NoS1dSM2slMkZNdFJrZk1PM0RGQzcwdXFBTlJ1b0pyQXJLMG5VQzElMkJCbFZKMEZrJTJCRmg5a1V2JTJCaWFzSGZZSHVOUTR2V21zZG02dEdTTiUyQmNydGtNTnQlMkJwbyUzRA&tld=behindthemarkets.com&dtycbr=80531

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

8438d1f8e7adc05e9ebb829cfeba1d2f3031f53878b7cc29b3cb207ba44a8a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
content-type: application/x-javascript
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 49060098
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:12 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
location: https://widget.us.criteo.com/event?a=92572&v=5.8.1&p0=e%3Dce%26m%3D%255B%255D%26h%3D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvp%26p%3D1&p3=e%3Ddis&adce=1&bundle=2euvcl9nVVZkZWgyJTJGRjh5djlkUyUyRlN3QkdGQkRxa3MySVdOaDRBOGk4VnRNZnYlMkYzMFJ0eHlFVWJVJTJCaEl4ekpxdVU5bHYwMUpuYWZlWHU0ZW9heTIxVFRqY1NoS1dSM2slMkZNdFJrZk1PM0RGQzcwdXFBTlJ1b0pyQXJLMG5VQzElMkJCbFZKMEZrJTJCRmg5a1V2JTJCaWFzSGZZSHVOUTR2V21zZG02dEdTTiUyQmNydGtNTnQlMkJwbyUzRA&tld=behindthemarkets.com&dtycbr=80531
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3196496
timing-allow-origin: *
content-length: 0
expires: 0

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
446 B 346ms
122ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=CPJZXZPjNMJD5WvtozEgMx&kind=timer&label=lb_embed_embed_script_load&value=141.39999961853027
Requested by: Host: embed.lpcontent.net
URL: https://embed.lpcontent.net/leadboxes/current/embed.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:13 GMT
Server: Stargate
access-control-max-age: 600
X-Forwarded-For: 194.36.108.18
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-credentials: true
x-request-id: 01rbvqdg5ofdf7fnjepg

GET
H3 200 click Show response
www.behindthemarkets-btm.com/sdk/ 22 B
672 B 192ms
192ms Fetch
application/json 2606:4700:3032::ac43:d48e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.behindthemarkets-btm.com/sdk/click?effp=8f4a98b784dbfeb6e58acdff02b2c0e5&_ef_transaction_id=de825a230bff46319e157e995c84bc72&oid=&affid=&__cc=&async=json
Requested by: Host: www.behindthemarkets-btm.com
URL: https://www.behindthemarkets-btm.com/scripts/sdk/everflow.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:d48e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa36f7b55e498e48e34e35e18ada3035fc59a6f1c4e48ae702097cb08ada6689

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-eflow-request-id: c83c7248-3b60-4925-b2a9-dbd4b2bbcb48
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OGgjsVj3P5pmzjEJqc8pFBx7lZUPpW81Y6sOFOX9BfUIe2Nck7rP%2BRPbK3lpZd%2B9smSfI5kibaTgIEDiO9xDyMGMWsDcoXCPAMAkJwFYGp%2FlrEMuJtKKmiVTU1Dw6QOXgHQu8Jk%2F4hVtjUvh24HhlO8NUxvEeAmihT%2FX"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
cf-ray: 6c5e14facb13374f-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 22

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 18ms
9ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=3070500746422546&ev=Microdata&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-5g-arrow-sandia%2F%3F_ef_transaction_id%3Dde825a230bff46319e157e995c84bc72%26utm_source%3D82%26utm_campaign%3D%26utm_medium%3D%26id%3Drudyclaude4%2540gmail.com%26iocid%3D%26aff%3D82&rl=&if=false&ts=1640896813376&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22World%20War%205G%22%2C%22meta%3Akeywords%22%3A%22%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22World%20War%205G%22%2C%22og%3Adescription%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1640896812872.252513584&it=1640896812822&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Thu, 30 Dec 2021 20:40:13 GMT

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 160ms
160ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-sumo-auth
Origin: https://go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 30 Dec 2021 20:40:13 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

POST
H2 200 services Show response
sumo.com/ 205 B
603 B 297ms
297ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
X-Sumo-Auth: ySGHlvrdzDfoiBDUhIpkjQEH
Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
vary: Origin, Accept-Encoding
server: nginx
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 205

GET
H2

200

397596.gif
idsync.rlcdn.com/ Frame 46D2
Redirect Chain

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397596.gif?partner_uid=g7SX5y9GJB_q4EJ8S_WUzmiEbYeYuIbj

42 B
417 B

42ms
16ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397596.gif?partner_uid=g7SX5y9GJB_q4EJ8S_WUzmiEbYeYuIbj
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 30 Dec 2021 20:40:13 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397596.gif?partner_uid=g7SX5y9GJB_q4EJ8S_WUzmiEbYeYuIbj
date: Thu, 30 Dec 2021 20:40:12 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2664
content-length: 197
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 46D2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay0zYWlzbXRFVWU5bHBLWnV0ZWViVmNIMGxKY2hrUTNxLUR1NldxZw
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay0zYWlzbXRFVWU5bHBLWnV0ZWViVmNIMGxKY2hrUTNxLUR1NldxZw&google_tc=
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

43 B
369 B

14ms
14ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Protocol

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 255020
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 279
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

/
partner.mediawallahscript.com/ Frame 46D2
Redirect Chain

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&custom=&tag_format=img&tag_action=sync&custom=&cb=887d04de-ffca-47db-8977-f3fa412...
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=887d04de-ffca-47d...

0
638 B

31ms
31ms

Image
text/plain

34.254.114.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=887d04de-ffca-47db-8977-f3fa412d443b&final=true&reqid=b06df700-69b0-11ec-a021-f92b1516b17b&timestamp=2021-12-30T20%3A40%3A13.680Z
Protocol: HTTP/1.1
Server: 34.254.114.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-114-92.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:13 GMT
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Server: nginx/1.18.0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 30 Dec 2021 20:40:13 GMT
Server: nginx/1.18.0
Vary: Accept, Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /?account_id=1043&partner_id=1048&uid=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=887d04de-ffca-47db-8977-f3fa412d443b&final=true&reqid=b06df700-69b0-11ec-a021-f92b1516b17b&timestamp=2021-12-30T20%3A40%3A13.680Z
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Content-Length: 294
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3

200

m
cm.mgid.com/ Frame 46D2
Redirect Chain

https://cm.mgid.com/m?cdsp=617660&c=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg
https://cm.mgid.com/m?c=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&cdsp=617660&sct=1

43 B
500 B

124ms
111ms

Image
image/gif

104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?c=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&cdsp=617660&sct=1
Protocol: H3
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6c5e14fdbaf56907-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
location: https://cm.mgid.com/m?c=k-3aismtEUe9lpKZuteebVcH0lJchkQ3q-Du6Wqg&cdsp=617660&sct=1
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6c5e14fce83c7022-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 46D2 0
444 B 37ms
8ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame 46D2 43 B
715 B 111ms
34ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Thu, 30 Dec 2021 20:40:13 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58301/ Frame 46D2
Redirect Chain

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-GDt_FtEUe9lpKZuteebVcH0lJcj8m7ecURh6lw
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-GDt_FtEUe9lpKZuteebVcH0lJcj8m7ecURh6lw&verify=true

0
121 B

10ms
10ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-GDt_FtEUe9lpKZuteebVcH0lJcj8m7ecURh6lw&verify=true

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-GDt_FtEUe9lpKZuteebVcH0lJcj8m7ecURh6lw&verify=true
date: Thu, 30 Dec 2021 20:40:13 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 46D2 0
476 B 402ms
102ms Image
text/plain 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-JUTigNEUe9lpKZuteebVcH0lJcg5yo5n4M96mg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:13 GMT
Cache-Control: no-cache
X-TraceId: 8599e6c7f1ef7d2d54327410e8ec9bd7
Content-Length: 0

GET
H2 204 t.gif
cw.addthis.com/ Frame 46D2 0
425 B 169ms
128ms Image
text/plain 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-0RY-PNEUe9lpKZuteebVcH0lJciYdOQGusEgAg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-121.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 30 Dec 2021 20:40:13 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 46D2 0
239 B 412ms
92ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-0RY-PNEUe9lpKZuteebVcH0lJciYdOQGusEgAg&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: f72efbd84733ea5ba734e4e8fe0395a3
Content-Type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame 46D2
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-zXdHSNEUe9lpKZuteebVcH0lJcgUVS6ZEl6UjQ&seg=95287
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-zXdHSNEUe9lpKZuteebVcH0lJcgUVS6ZEl6UjQ%26seg%3D95287

43 B
1 KB

18ms
18ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-zXdHSNEUe9lpKZuteebVcH0lJcgUVS6ZEl6UjQ%26seg%3D95287

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 20:40:13 GMT
X-Proxy-Origin: 194.36.108.18; 194.36.108.18; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c0a9b52b-416c-46ad-af11-84d76a6923da
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 20:40:13 GMT
X-Proxy-Origin: 194.36.108.18; 194.36.108.18; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c8058302-1a73-44d5-9536-3ba05de69e83
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-zXdHSNEUe9lpKZuteebVcH0lJcgUVS6ZEl6UjQ%26seg%3D95287
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 46D2 42 B
671 B 59ms
14ms Image
image/gif 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k--_yfn9EUe9lpKZuteebVcH0lJcj_GYOyV-tK_g
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:12 GMT
cache-control: no-store, no-cache, private
x-lat: amspug005:0:411
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

xuid
eb2.3lift.com/ Frame 46D2
Redirect Chain

https://eb2.3lift.com/xuid?mid=2711&xuid=k-9iuqv9EUe9lpKZuteebVcH0lJcizDD_z1pDt1A&dongle=013b
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-9iuqv9EUe9lpKZuteebVcH0lJcizDD_z1pDt1A&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

10ms
10ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-9iuqv9EUe9lpKZuteebVcH0lJcizDD_z1pDt1A&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=2711&xuid=k-9iuqv9EUe9lpKZuteebVcH0lJcizDD_z1pDt1A&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
date: Thu, 30 Dec 2021 20:40:13 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 cksync.php
contextual.media.net/ Frame 46D2 45 B
781 B 99ms
52ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-BelyZtEUe9lpKZuteebVcH0lJcguYs7hwNbwWg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Thu, 30 Dec 2021 20:40:13 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Thu, 30 Dec 2021 20:40:13 GMT

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame 46D2
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Yy5reNEUe9lpKZuteebVcH0lJchzo8Ustd101g
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Yy5reNEUe9lpKZuteebVcH0lJchzo8Ustd101g&C=1

43 B
1 KB

28ms
28ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Yy5reNEUe9lpKZuteebVcH0lJchzo8Ustd101g&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 20:40:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 30 Dec 2021 20:40:13 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 20:40:13 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-Yy5reNEUe9lpKZuteebVcH0lJchzo8Ustd101g&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 296
Expires: Thu, 30 Dec 2021 20:40:13 GMT

GET
H2 204 /
s.ad.smaato.net/c/ Frame 46D2 0
241 B 63ms
8ms Image
text/plain 2600:9000:2156:ae00:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-FhwXI9EUe9lpKZuteebVcH0lJcghZ5gmUQHs8g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ae00:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
server: CloudFront
cache-control: no-cache, must-revalidate
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 5ziBaKFUZV3jbjSXGKFM_0MQADxV2m6JMCVks_gA0rYiJpgHJS_qiw==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame 46D2
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-0ErZKdEUe9lpKZuteebVcH0lJciEHVt5IsYTLA&expires=30&user_group=5
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-0ErZKdEUe9lpKZuteebVcH0lJciEHVt5IsYTLA&expires=30&user_group=5

43 B
495 B

10ms
10ms

Image
image/gif

18.156.181.139
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-0ErZKdEUe9lpKZuteebVcH0lJciEHVt5IsYTLA&expires=30&user_group=5
Protocol: HTTP/1.1
Server: 18.156.181.139 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-181-139.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:13 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-0ErZKdEUe9lpKZuteebVcH0lJciEHVt5IsYTLA&expires=30&user_group=5
Date: Thu, 30 Dec 2021 20:40:13 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 pixel_sync
trends.revcontent.com/cm/ Frame 46D2 35 B
336 B 110ms
37ms Image
image/gif 99.80.164.0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trends.revcontent.com/cm/pixel_sync?bidder=151&bidder_uid=k-AhgdBtEUe9lpKZuteebVcH0lJcirQsm20QMmdg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.164.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-164-0.eu-west-1.compute.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
x-powered-by: Express
content-length: 35
content-type: image/gif

GET
H2 200 um
criteo-sync.teads.tv/ Frame 46D2 23 B
172 B 124ms
46ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-lXY_TtEUe9lpKZuteebVcH0lJchdjKbQFEuQ1Q
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 30 Dec 2021 20:40:13 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 46D2 0
231 B 82ms
19ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-QKQfx9EUe9lpKZuteebVcH0lJcjsEm2nHJCe3A
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 11878

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 46D2 43 B
163 B 73ms
17ms Image
image/gif 185.86.139.114
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-m_gwXdEUe9lpKZuteebVcH0lJcidfNUJyzPUqg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 v1
match.sharethrough.com/sync/ Frame 46D2 68 B
262 B 39ms
7ms Image
image/png 3.67.115.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-43SOA9EUe9lpKZuteebVcH0lJcgFlvBNrjCaaQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.67.115.59 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-115-59.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
content-length: 68
content-type: image/png

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame 46D2
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-RTkYTNEUe9lpKZuteebVcH0lJcivK7sbOjED9Q
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-RTkYTNEUe9lpKZuteebVcH0lJcivK7sbOjED9Q

43 B
446 B

34ms
33ms

Image
image/gif

52.215.211.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-RTkYTNEUe9lpKZuteebVcH0lJcivK7sbOjED9Q
Protocol: H2
Server: 52.215.211.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-211-56.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 30 Dec 2021 20:40:13 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-RTkYTNEUe9lpKZuteebVcH0lJcivK7sbOjED9Q
date: Thu, 30 Dec 2021 20:40:13 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

28292
i6.liadm.com/s/ Frame 46D2
Redirect Chain

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA&_li_chk=true&previous_uuid=63a1862123904c878991c058a442787d
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA

43 B
447 B

306ms
97ms

Image
image/gif

2600:1f18:444a:4602:9c05:7f25:f6a5:7205
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA

Protocol

HTTP/1.1

Server

2600:1f18:444a:4602:9c05:7f25:f6a5:7205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:15 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 92594d488f907b69
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-KpmhHNEUe9lpKZuteebVcH0lJchGpQrY0kTfVA
Date: Thu, 30 Dec 2021 20:40:14 GMT
Connection: keep-alive
trace-id: d2649d998de716de
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 200 1017
jadserve.postrelease.com/suid/ Frame 46D2 43 B
427 B 813ms
102ms Image
image/gif 3.217.216.1
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/1017?vk=k-V6PBqNEUe9lpKZuteebVcH0lJchO3bvupbSDzw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.216.1 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-216-1.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:14 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55945/ Frame 46D2
Redirect Chain

https://pixel.advertising.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1
https://pixel.advertising.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1&verify=true
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1&apid=UPb0832d11-69b0-11ec-9fa7-02c56a2956ca

0
590 B

12ms
12ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1&apid=UPb0832d11-69b0-11ec-9fa7-02c56a2956ca

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:13 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-EllT29EUe9lpKZuteebVcH0lJch0ft6Zsv_a1A&_origin=1&apid=UPb0832d11-69b0-11ec-9fa7-02c56a2956ca
date: Thu, 30 Dec 2021 20:40:13 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 46D2 43 B
183 B 780ms
103ms Image
image/gif 2600:1f18:612b:4200:ee57:5bc8:4ac0:7a5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-5fJzGdEUe9lpKZuteebVcH0lJcjoVVBsJb2mVg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:ee57:5bc8:4ac0:7a5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H/1.1

200
OK

empty.gif
cdn.stickyadstv.com/one-shot/ Frame 46D2
Redirect Chain

https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k--1n5L9EUe9lpKZuteebVcH0lJciF4Gt_aHmv6A&redirectId=69
https://cdn.stickyadstv.com/one-shot/empty.gif?

43 B
438 B

575ms
7ms

Image
image/gif

2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.stickyadstv.com/one-shot/empty.gif?
Protocol: HTTP/1.1
Server: 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:14 GMT
Last-Modified: Thu, 28 Feb 2013 15:45:35 GMT
ETag: "1362066335"
X-HW: 1640896813.dop215.fr8.t,1640896814.cds101.fr8.shn,1640896814.cds101.fr8.c
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 43

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 20:40:13 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cdn.stickyadstv.com/one-shot/empty.gif?
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1640896813811063-332
Expires: Thu, 30 Dec 2021 20:40:13 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/cdb/ Frame 46D2
Redirect Chain

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%25...
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/ttdbDd0E79MVPLgt671NCDjIMGuIgskP/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_...
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3704580831206958240

43 B
370 B

16ms
15ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3704580831206958240

Protocol

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2137904
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=3704580831206958240
pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 46D2
Redirect Chain

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7463700316977324748

43 B
370 B

18ms
17ms

Image
image/gif

178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7463700316977324748

Protocol

Server

178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Dec 2021 20:40:13 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1881898
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 30 Dec 2021 20:40:13 GMT
X-Proxy-Origin: 194.36.108.18; 194.36.108.18; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5983935e-9249-48a8-beb1-4e970df4b59c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7463700316977324748
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 54ms
54ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: GB3K5C232TDGG8Y1
cdn-cachedat: 12/27/2021 13:08:37
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: bqHu7hfZp9jUAqk7l2pJEntmVaP/Yh1ZNMWlA/QYb6PRqYjLnfRxC1NwNwBRawFF3ohHFh9gudE=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:38 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: ae3c345e5ad69bd3ad33f52259c9e90c
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 32ms
32ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: X9X0Q3TBADQ2JV5V
cdn-cachedat: 12/27/2021 13:08:49
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Af50bRUdN604RnFs/jVr4/C5AvsTn345ns/6uz4QKiXt/pW9p5+LDnndXIz0jkq4TV2nrd64ArY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:17 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 247899597d1909abbe15d574a9a381fd
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 39ms
39ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: H8FR6C41AW2TQKE5
cdn-cachedat: 12/27/2021 13:09:43
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: TMouNBhhU96Fh3t0LtK9YLK+8iamSLTQwqxJB4r+0AN/zKaP4C+IlcGLSwEKrZr02CCsj54eRdw=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:02 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 47bd2ff6f3df565497adc3a36bd0f23a
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 38ms
38ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 3TY6FT7Q3HVDDJSK
cdn-cachedat: 12/27/2021 07:23:23
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: XYFt4vXJczgiusbgwFGvPgx/9u3IKglnAhuIXxIM5J554lgS+dloVZpJKQvHO9hQMmwNZYXQ+Rg=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:58:50 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: eeb150cc07db2ecb5a58d58ecf6fb1fd
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 58ms
58ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: ZZT9GNAK5XMKD48T
cdn-cachedat: 12/27/2021 07:23:22
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 2KeA1skXaSGp/3HPNkEAGnrLC1fyAMeGA24ppXxwHJoZ5DknWrMdJX1YoQEwv6PLinuiYUf54Mw=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:04 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: fbf6e607018cc24e010b839b6d504ea1
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 38ms
38ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: DP2G3NAFAGBN2F37
cdn-cachedat: 12/27/2021 13:08:33
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: inaurtgXZ8qPhXlvBSWiuk1crvMa5b3svZsZ/p8YxBRUC9I3EdU2PB23ZfQlef1/RxBcSXtlU8g=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:04 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 24c103b37f38272e9022cfb4e15ea36b
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 33ms
33ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 3MERYWNDW994K7SQ
cdn-cachedat: 12/27/2021 13:09:43
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZQBMTnj7uzLOuY0CxZoiQNpN/cS80vs8+CVVTmwmswsomKzup1W5ibYZD8omni03rfbk8GGftp4=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:03 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 2eb17e3a2d1b05f6ce70ff1f0884b3e5
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 37ms
36ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: ZEHTF7CV5WK4DTFT
cdn-cachedat: 12/27/2021 08:54:01
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: lhUzg0Wfbx6BRtsDpUJ1EZ4yCKLYXmrPtk50js+tobEcek2i2rm56nUJeotO1FV6OkFgq2E9NXo=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:35 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: d28b1dd11f7a64dc64102da0ecd45b4c
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 28ms
28ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: VZBPYECY6K84GGCD
cdn-cachedat: 12/27/2021 13:08:34
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: S4VngB/xw39zU3U1NcJhGWOU0dr1m1Ea8BCayAGzCNS4PpYNFEUkqUAEfwlGEE+A8YUUmcOD6Mk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:58:49 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: b928eea1a5a3d0bccb23e4b4058dbf01
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 15ms
14ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: DP2GNTM6R7Z1VSHM
cdn-cachedat: 12/27/2021 13:08:33
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: u0fVf7rnkapsxIWRnokxfRvVXWrHNmlTCMW/ieDV/eO4N6RmDVEVLwXzaOxP04B47xKxeFVEcIY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:57 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: ffae2b9a41f9cf87fedd1ad079370810
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
960 B 12ms
12ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: TMYVPHGB1CSE6Q7T
cdn-cachedat: 12/27/2021 13:09:45
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: v1zJ9FnYmBr+dgZ+g4vOthTjpQ9asM8m4ee9XS8uFCiqmgQYz4zOUTwoxyTNnNU37L7o8ugoXOI=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Tue, 30 Nov 2021 17:59:58 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: c235cc78b7bae764ec7ba89a9ae4df34
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ 31 KB
1 KB 34ms
17ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 20:10:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 30 Dec 2021 20:40:14 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 30 Dec 2021 20:40:14 GMT

GET
H2 200 features Show response
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ 3 KB
1 KB 172ms
172ms XHR
application/json 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-38-14-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://go.behindthemarkets.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
X-Sumo-Auth: ySGHlvrdzDfoiBDUhIpkjQEH

Response headers

date: Thu, 30 Dec 2021 20:40:14 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx
etag: "-362431178"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/ Frame 0
0 159ms
159ms Preflight 52.38.14.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.38.14.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-38-14-212.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 30 Dec 2021 20:40:14 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
H/1.1 200
OK capture Show response
api.leadpages.io/analytics/v1/observations/ 35 B
446 B 114ms
114ms XHR
image/gif 35.192.151.63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=Nwk9ZNFiKvksVD38rxmeTR&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=214,215.39999961853027,1,354
Requested by: Host: js.center.io
URL: https://js.center.io/center.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.192.151.63 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 63.151.192.35.bc.googleusercontent.com
Software: Stargate /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.behindthemarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Thu, 30 Dec 2021 20:40:17 GMT
Server: Stargate
Transfer-Encoding: chunked
X-Forwarded-For: 194.36.108.18
Content-Type: image/gif
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-max-age: 600
Connection: keep-alive
x-request-id: 01rc3l6l8djntd1gtcgg

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

73 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.api.leadpages.io/analytics/v1/events/capture	1970-01-19 23:49:43	Name: view.bb4wMKcXKB896PwqF4vMVT-default-prop.hZGr8CiB4GvxgUHU6eUyhA Value: 1640896813000
go.behindthemarkets.com/btm-5g-arrow-sandia	1970-01-20 00:31:28	Name: __smVID Value: 9b241e75a700a2488fe50967755000bb8e10c6e999a05ac5b4a9bb468866474a
i.liadm.com/s	1970-01-20 00:31:28	Name: _li_ss Value: MgkI_____wcQnRE
.theempiretrading.com/	1970-01-20 08:33:52	Name: iterableEndUserId Value: rudyclaude4%40gmail.com
.theempiretrading.com/	1970-01-19 23:49:43	Name: iterableEmailCampaignId Value: 3462813
.theempiretrading.com/	1970-01-19 23:49:43	Name: iterableTemplateId Value: 4725735
.theempiretrading.com/	1970-01-19 23:49:43	Name: iterableMessageId Value: 7772a2bcbf9940da95be96cc7538aac2
links.email.theempiretrading.com/	1969-12-31 23:59:59	Name: XSRF-TOKEN Value: ae9f2b76bc8ef931f7b353eb41a98004f6b02273-1640896810297-0ddbcb9b9ca8150a14b39ff2
.clkmg.com/	1970-01-20 08:33:52	Name: vid Value: 693406640
.behindthemarkets.com/	1970-01-20 01:57:52	Name: _gcl_au Value: 1.1.835021184.1640896813
js.center.io/	1978-01-11 21:31:40	Name: centerVisitorId Value: zNbwg8FDLprpchRr5TyRFd
.go.behindthemarkets.com/	1970-01-20 08:35:19	Name: _vwo_uuid_v2 Value: D3B444C3B706AE55580F2B9C38BE54B81\|fde46dd3b492788577f7d620c4ea9ccb
.behindthemarkets.com/	1970-01-20 01:57:52	Name: _fbp Value: fb.1.1640896812872.252513584
.behindthemarkets.com/	1970-01-20 02:12:16	Name: _vis_opt_s Value: 1%7C
.behindthemarkets.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.behindthemarkets.com/	1970-01-23 15:24:16	Name: _vwo_uuid Value: D3B444C3B706AE55580F2B9C38BE54B81
.behindthemarkets.com/	1970-01-19 23:48:18	Name: _vwo_sn Value: 0%3A1
.behindthemarkets.com/	1970-01-20 00:31:28	Name: _vwo_ds Value: 3%3At_0%2Ca_0%3A0%241640896812%3A48.64626941%3A%3A%3A3_0%2C2_0%3A0
.behindthemarkets.com/	1970-01-20 17:19:28	Name: _ga Value: GA1.2.1113465825.1640896813
.behindthemarkets.com/	1970-01-19 23:49:43	Name: _gid Value: GA1.2.788113306.1640896813
.behindthemarkets.com/	1970-01-19 23:48:16	Name: _gat_UA-102395123-1 Value: 1
.criteo.com/	1970-01-20 09:09:52	Name: uid Value: c435b5a8-511d-4e03-a111-35f49e252d92
.behindthemarkets.com/	1970-01-20 09:17:40	Name: cto_bundle Value: 2euvcl9nVVZkZWgyJTJGRjh5djlkUyUyRlN3QkdGQkRxa3MySVdOaDRBOGk4VnRNZnYlMkYzMFJ0eHlFVWJVJTJCaEl4ekpxdVU5bHYwMUpuYWZlWHU0ZW9heTIxVFRqY1NoS1dSM2slMkZNdFJrZk1PM0RGQzcwdXFBTlJ1b0pyQXJLMG5VQzElMkJCbFZKMEZrJTJCRmg5a1V2JTJCaWFzSGZZSHVOUTR2V21zZG02dEdTTiUyQmNydGtNTnQlMkJwbyUzRA
go.behindthemarkets.com/	1970-01-20 08:33:52	Name: __smToken Value: ySGHlvrdzDfoiBDUhIpkjQEH
.adnxs.com/	1970-01-20 01:57:52	Name: uuid2 Value: 7463700316977324748
.rlcdn.com/	1970-01-20 08:33:52	Name: rlas3 Value: OJeYMqVvP3jJCu1ta2U6J76Eh4b+JwUMMvrPf2LHb6I=
.rlcdn.com/	1970-01-20 01:14:40	Name: pxrc Value: CAA=
.doubleclick.net/	1970-01-20 09:09:52	Name: IDE Value: AHWqTUni7LXyBrF0cIw-u3OPa0YWA8NlNj4IQIxgm5fjJZJiNDLuihaRA_x0etB3mmM
.3lift.com/	1970-01-20 01:57:52	Name: tluid Value: 6288549786291855528
.pubmatic.com/	1970-01-20 00:31:28	Name: KRTBCOOKIE_97 Value: 3385-uid:k--_yfn9EUe9lpKZuteebVcH0lJcj_GYOyV-tK_g&KRTB&23286-uid:k--_yfn9EUe9lpKZuteebVcH0lJcj_GYOyV-tK_g&KRTB&23287-uid:k--_yfn9EUe9lpKZuteebVcH0lJcj_GYOyV-tK_g&KRTB&23288-uid:k--_yfn9EUe9lpKZuteebVcH0lJcj_GYOyV-tK_g
.pubmatic.com/	1970-01-20 00:31:28	Name: PugT Value: 1640896812
.pubmatic.com/	1970-01-20 01:57:52	Name: PUBMDCID Value: 3
.yahoo.com/	1970-01-20 08:34:14	Name: A3 Value: d=AQABBC0ZzmECEOARsutJhAprTcAREbEReXsFEgEBAQFqz2HXYQAAAAAA_eMAAA&S=AQAAAhGbzG-kk3S_24_gapm8KlQ
.mgid.com/	1970-01-25 20:31:23	Name: muidn Value: lbud1CBLTVEc
.mgid.com/	1970-01-19 23:48:18	Name: __cf_bm Value: Xq4kTXkARti1QJIs6.bcBnu1nBO6Bm9ZGhTa5lgca_U-1640896813-0-ATWQhB72UojBFRWjJ4q/+NKwAP1xfj3tsnC8Sbqmyp8Hk/K8o1+0n8sy1c81oJeRv66qxHXv5OhZsT1MTCWEEzA=
.bidswitch.net/	1970-01-20 08:33:52	Name: tuuid Value: 33f4f8bf-bf01-43c8-b7f9-e76160ae4046
.bidswitch.net/	1970-01-20 08:33:52	Name: c Value: 1640896813
.bidswitch.net/	1970-01-20 08:33:52	Name: tuuid_lu Value: 1640896813
.media.net/	1970-01-20 08:33:52	Name: visitor-id Value: 2838984136686636000V10
.media.net/	1970-01-20 00:31:28	Name: data-c-ts Value: 1640896813
.media.net/	1970-01-20 00:31:28	Name: data-c Value: k-BelyZtEUe9lpKZuteebVcH0lJcguYs7hwNbwWg~~3
.addthis.com/	1970-01-20 09:09:52	Name: ouid Value: 61ce192d000181e87b44b08101e2265fa33a7b00e24820cccd94
.addthis.com/	1970-01-20 09:09:52	Name: uid Value: 61ce192da208a8eb
.addthis.com/	1970-01-20 09:09:52	Name: na_id Value: 2021123020401366500492229125
.mediawallahscript.com/	1970-01-20 17:19:28	Name: mCookie Value: b072d901-69b0-11ec-a021-f92b1516b17b
.mediawallahscript.com/	1970-01-20 17:19:28	Name: mUserCookie Value: %7B%22undefined%22%3A%5B%22%22%2C%22%22%2C%22%22%5D%7D
.casalemedia.com/	1970-01-20 08:33:52	Name: CMID Value: Yc4ZLbTc913Sdbr.UDv6UAAA
.casalemedia.com/	1970-01-20 01:57:52	Name: CMPS Value: 5224
.turn.com/	1970-01-20 04:07:28	Name: uid Value: 3704580831206958240
.casalemedia.com/	1970-01-20 01:57:52	Name: CMPRO Value: 1146
.casalemedia.com/	1970-01-20 08:33:52	Name: CMRUM3 Value: 1461ce192d2760k-Yy5reNEUe9lpKZuteebVcH0lJchzo8Ustd101g
.casalemedia.com/	1970-01-19 23:49:43	Name: CMST Value: Yc4ZLWHOGS0A
.sharethrough.com/	1970-01-20 08:33:52	Name: stx_user_id Value: 0f53ebbc-c67e-423e-96e0-f959ccbe6e06
.revcontent.com/	1970-02-07 05:48:16	Name: __ID Value: 652ba6a59fcd4150911547a109f20eac
.revcontent.com/	1970-01-20 00:31:28	Name: v1_151 Value: 1
.taboola.com/	1970-01-20 08:33:52	Name: t_gid Value: 6fe6bfef-9014-4134-8e95-0f830bc1b63d-tuct8c79ead
cm.mgid.com/	1970-01-20 00:31:28	Name: mg_sync Value: {"617660":1640896813}
.advertising.com/	1970-01-20 08:35:19	Name: APID Value: UPb0832d11-69b0-11ec-9fa7-02c56a2956ca
.360yield.com/	1970-01-20 01:57:52	Name: tuuid Value: 9ababb0d-222f-43f7-a030-e779bf5d2a42
.360yield.com/	1970-01-20 01:57:52	Name: tuuid_lu Value: 1640896813
.analytics.yahoo.com/	1970-01-20 08:35:19	Name: IDSYNC Value: "18zh~22dw:1761~22dw"
.yahoo.com/	1970-01-20 00:34:33	Name: APID Value: UPb0832d11-69b0-11ec-9fa7-02c56a2956ca
.yahoo.com/	1970-01-19 23:49:43	Name: APIDTS Value: 1640896813
.360yield.com/	1970-01-20 01:57:52	Name: um Value: !38,e1RxqLAsbTkO-DvGaWbX3fBIDt2S00RdxPhtaVDyAzzgGPd6k0HHu4yG-t3lZpymCIch1C0j,1648672813
.360yield.com/	1970-01-20 01:57:52	Name: umeh Value: !38,0,1703104813,-1
.adnxs.com/	1970-01-20 01:57:52	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2E?hfgQqA!fss0=Rro*E7VW]Fp9S4:ET25vrmL^B69RH<!XG=ZG'!GLTpll0+_RU#j1wpp-Yo:#YdCj`'n`ZNl$]kNya!tNhTpwbL8h/
ads.stickyadstv.com/	1970-01-20 00:31:28	Name: UID Value: 3d5069d3c0d38f6a9a05e4b60d069ee
ads.stickyadstv.com/	1970-01-20 00:31:28	Name: uid-bp-11554 Value: k--1n5L9EUe9lpKZuteebVcH0lJciF4Gt_aHmv6A
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: b0c6a4c1733073c82427614ab24e9c0
.outbrain.com/	1970-01-20 01:57:52	Name: obuid Value: 7d561a2c-4805-46b1-8a04-fd3941bc2c69
.outbrain.com/	1970-01-20 00:31:28	Name: criteo Value: k-JUTigNEUe9lpKZuteebVcH0lJcg5yo5n4M96mg
.postrelease.com/	1970-01-20 08:33:52	Name: opt_out Value: 1
.liadm.com/	1970-01-20 17:19:28	Name: lidid Value: 63a18621-2390-4c87-8991-c058a442787d

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
ads.stickyadstv.com
ads.yahoo.com
api.leadpages.io
cdn.stickyadstv.com
cm.g.doubleclick.net
cm.mgid.com
connect.facebook.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
cw.addthis.com
d.turn.com
dev.visualwebsiteoptimizer.com
dis.criteo.com
eb2.3lift.com
embed.lpcontent.net
fonts.googleapis.com
fonts.gstatic.com
go.behindthemarkets.com
gum.criteo.com
i.liadm.com
i6.liadm.com
idsync.rlcdn.com
jadserve.postrelease.com
js.center.io
lh3.googleusercontent.com
links.email.theempiretrading.com
load.sumo.com
match.sharethrough.com
mug.criteo.com
partner.mediawallahscript.com
pixel.advertising.com
pixel.rubiconproject.com
r.casalemedia.com
rtb-csync.smartadserver.com
s.ad.smaato.net
secure.adnxs.com
simage2.pubmatic.com
sp.analytics.yahoo.com
sslwidget.criteo.com
static.criteo.com
static.leadpages.net
stats.g.doubleclick.net
sumo.com
sync-t1.taboola.com
sync.outbrain.com
trends.revcontent.com
ups.analytics.yahoo.com
widget.us.criteo.com
www.behind-the-markets.com
www.behindthemarkets-btm.com
www.clkmg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkerclick.com
x.bidswitch.net
104.111.242.245
104.19.133.78
141.226.228.48
142.250.185.130
178.250.2.130
178.250.2.146
178.250.2.151
18.156.181.139
18.158.253.107
184.30.24.121
185.33.221.53
185.64.189.110
185.86.139.114
2.18.234.21
2.18.234.233
2.18.235.93
2001:4de0:ac19::1:b:1b
2001:678:cb4:bbbb::13
212.82.100.181
2600:1f18:444a:4602:9c05:7f25:f6a5:7205
2600:1f18:612b:4200:ee57:5bc8:4ac0:7a5
2600:9000:2156:600:12:36b3:7a80:93a1
2600:9000:2156:ae00:1b:5138:8a40:93a1
2606:4700:3032::ac43:d48e
2606:4700:3036::ac43:cedc
2a00:1288:80:800::7000
2a00:1450:4001:803::2003
2a00:1450:4001:80f::2004
2a00:1450:4001:80f::2008
2a00:1450:4001:812::2001
2a00:1450:4001:812::200e
2a00:1450:4001:830::2003
2a00:1450:4001:830::200a
2a00:1450:4001:831::2013
2a00:1450:400c:c0c::9c
2a02:2638::1c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.126.56.137
3.217.216.1
3.67.115.59
34.107.203.240
34.120.142.1
34.254.114.92
34.96.102.137
35.192.151.63
35.202.21.90
35.244.174.68
50.97.212.250
52.215.211.56
52.38.14.212
54.81.135.237
64.202.112.191
69.173.151.100
74.119.119.150
76.223.111.18
89.187.169.47
99.80.164.0
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12ad026eace6494ff61e221807c55802f6c7384c69f79439ff9765c3a3420abc
132ff663ec567f9ae205298aaf3d6d16048f20750616d8b3ea174fdc4cb3ff0c
133be2ab152b1c9f408e9a597430361539cf3b8255a0a92f8a8a8a885e079702
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
1b0a8b83386af99b99eeeea1f50deddabbbc2a70d324c7ed466fc4399d31e3b7
1b54b66edcb0c239350b409ff86ba3195fa5c6455b0251e76d910ba4fc091be1
1e843b8b1f0971ce91d1d7e45e35e23dbb6008cdc3a859f9d42e384cf05650fb
255f497324a8823e617af3b9135771124c5a124b3d2d77ddae68e9b6a780d049
2b89ce6bb6c3037d363dcfa4470f124a6647374c3cce4bdaf0bf07ab001b2464
2c0e68c05ab8a290014b40f848b639d52adb1eeaffebe207124f2174f60f7add
2dcf66df3032042a56e661d5be35ba4f3af5328d29e4698ee8fd0ba4b88cc932
2e42ee85db205de7ee6b3e254523c734643431764b9bbc87c058e89cf474c5c5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
36dc7363f42099049f12e0c5c85c0f016832875021ba68c3d2f83045594ffac4
3705afa2ba67e76379c851b704bb0db8ed87656a819209c28b63d2321343fcd8
38ce40f41757c9b666dbd3594af6fb2a4910f7521da1d65e697af42e6cdad7d7
3cf85ecb4a6becc6460dc3e65472ca30c4ea836366cd3d6bd54e315c6f7c31e3
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4758ffc00e2d3413aece1a57fc3e89b9709202312386d57eb74b5c198cf6800e
48e6569cf06d8b950da3926d80fe1528f7ebaf32cd060d43ee3d79a722cb5387
49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4e0633d424a3fa75224915e45b812ff3461bebe976a8029835de054e4cb75c9f
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ebd979a9f0a79ff0d1526188ba0b95a5d36751f01fd16d1082779f2d11321b9
4f5bd189979d955106dcb369a6b77e4b7b57dfa2fa177bad6a0558fce4f00cf9
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
53d57168540bb85fb843de9e649053e8fbf95a30d151b5cc30c7e704b7669a69
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296
55f1deb0d20b8ef2b1b728e9c536647f1895355b61bef28abb41eb6dcec41411
592e4d1835429b83456573242ac88bb14dac49923173813eeaa78537bb7620f2
5c3a00eb37ad8e96072e58f6dd7ab2e708ce6406b766d71e207d46ee97aa8512
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
5dfee92eee9c1b99cfdb01ba3e96fed999c8170236011abac2adf036ddf8eee7
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
64369b56b87a6a6a37ce6c800d296e77b379c49fff9cb2a556c5f8ad3ccb4b36
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d5dce43acba1416db19f39d22d8db0dd7dd366ff39b15ca5f1752e8d7ec5d7e
6de05c135e09807c1a50d1e68453a011f56ad6797d38712af1534e9343b89346
716cf2dcc6d58e352b1d85418884bcde8cdf2742aaa77d46da4486bb13dee081
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
72b95405e006370e34ac6d7be5f4b185fe0d1058d43b576136d0ac5eddd88562
73c42500e4af90ca921ec406fd0cb6af6a43fe78d1eda3de7d655aa215565a60
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
75a75114a3326f64b66896b4e47f2ebe985c53caab85e17814eaa17ed216005a
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
79e703e37d0c5dbedbfad7f3f3c9607a616174a1ce152ff230895cd2062e1f33
7b93501d3965ccc6d249f71312e04eebbab373bf305e1af92c2c668dd6eb3bdf
7bd10dcd45b27f8c416e2963cbec082c8beb2b653a0002d67bf0857b2db95c9b
7d5beae7ebc2c7ce5cb8e194dd48e0229ab6f36e09623713865cceaac4bb4b08
7ddf07e39d31b21a32b5a04ed372affc2622e4cb8faa706f17bb91178c3e2d76
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8438d1f8e7adc05e9ebb829cfeba1d2f3031f53878b7cc29b3cb207ba44a8a9f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8e689d74f8c13a43ef8a9c23c84db00756e7841b4e5e56267ad7216d8509fabe
8f3fe0606a82e44431a7b066692d17ba287c1f2e8e4b3050556807575a1fe33f
908362cc3d83780a006474ebea417be9ff9e9f92175e4295c990747e211507d8
94052c1920fe8b6b2e791f362c8a4247e50f0abcab5e61225d3f3a2414c73a43
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
96ad5f56a00803d62c47a3d21d9017916e470ab35935361f0f822af42d559d62
96fe92f97fc2c54b47fc3a8b6ab7788ea64be5925bfeb8378cf7753b397a2778
9ca8a06fa36760ac11757bf1454f1a8dfd50150e294520a91e6864d29f7fde8a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4390b6b85f4380e41e726b280b27c3de735ed8047fb72dbb3861b7ae23de047
a8eaf699085189552bba8f5057bcf969e3087d39f7830bd20c31a767f47c4dc7
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa36f7b55e498e48e34e35e18ada3035fc59a6f1c4e48ae702097cb08ada6689
b093c261affa5d45611d1077d820f6172533ac8e8d69997da830e18ac0ed1a46
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b3fdac93d880353fc983f82b9ed6fa62e54d755e05c1ee51020d98e95e35cb1a
b494764a83e1a3fb8c887deedf8c8a87edf40697e45f21a357fcf61d6a55c5c6
b7893a230766dd48285139bdfe35565e504f0b3b68cfc856da3dc81db307569a
b860877347b5fb701c185e3040e04fecca7506822e712f1a8074554ef513925d
ba398c4073f3dde850f04637918764494bad50499536ad1781113c66ec325eae
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c38991b1a84a3d1f232b320e4d69d964b9e70ae8b7abe2534168a20d13e8c5a1
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c738284f75e3341a9c6d926d8339175cde993cde6cdf7f02ec040c8fb109ac4a
c9944716a10b83ea2b631e2fc091a3f4a289cdf835abcaab5b694065808092f3
c99e1eaa85d260995d9712261a68944fbf1501210fc0b72fd69286218c58a39e
ca5e8198626ecded4b40a5e264d6fca7d1b4663db1fdd1032b3755aeb5ccd297
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42
cdf6aa48e94cc037d933692c5de29571fe81e66b73a9cc57f82614dcd25806a7
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658
cfe7eb3baa9ab46d35285d0521588375c6965b266c01ca227427b06446ee657e
d0a6684633c6ab8da1971668ea1691819ac386ff1fe02a5ce18926028a02b726
d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8
d6c652b770391aba1eb4c71ad06b1b858ee1f8d13152aef29cab9cd2f4e3c2b3
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dff5c7a61358f77654f6f3c48ba16e33a4315bb57389075f380c408b250c73b0
e17f0091bbce5eb0f3a8b1dd678af32261ad748c55714bb69cafa60c0be90489
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
e99b1332226c6486a8a20ed70dabcb018e623a70cca29e202a48d653a486161c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01d328da36d9b4e49aeb374f891ecf7607b9b8e070b8cd1d903f85ef737505c
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f962a0a8539cb44fb06a4494ffc65fa38369085603acf1a4b96adb8fb164e0d2
f99dac30c7093e8b1c2689aef392938701193512f32b6a919249821c6ba5a353
fdeca2cfc516555aacf01d48f855898eaddc3467cbb92d8b8e30e91a61a3e409
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2
fe4a6e0c7220b1a9ce45b621a0e9844db3f75b359050882bcfc3ac2f5bb9ad51

go.behindthemarkets.com Open in urlscan Pro 35.202.21.90 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

141 Requests

88 %HTTPS

36 %IPv6

49 Domains

60 Subdomains

50 IPs

8 Countries

1767 kBTransfer

4832 kBSize

73 Cookies

2 Outgoing links

Page URL History

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

go.behindthemarkets.com Open in urlscan Pro
35.202.21.90 Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

88 %
HTTPS

36 %
IPv6

49
Domains

60
Subdomains

50
IPs

8
Countries

1767 kB
Transfer

4832 kB
Size

73
Cookies

141 HTTP transactions
0 data transactions