Report - click.thedailymoneytips.com/btmeodvsl0723/2ff69998b1104c325e8fa4c9724fada2/48/TA_2H23DGI/2129724604/139350/fa5e862d7c11eec74a11925f52883810/63293

Report Overview

Submitted URL
click.thedailymoneytips.com/btmeodvsl0723/2ff69998b1104c325e8fa4c9724fada2/48/TA_2H23DGI/2129724604/139350/fa5e862d7c11eec74a11925f52883810/63293
IP
104.21.33.211
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-20 04:46:04
Access
public
Website Title
BTM - End Disease - VSL
Final URL
go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
click.thedailymoneytips.com	unknown	2019-06-27	2023-03-10	2024-04-17	599 B	16 kB	104.21.33.211
static.leadpages.net	35995	2012-11-07	2016-05-28	2024-04-18	1.9 kB	196 kB	34.107.203.240
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-19	989 B	33 kB	142.250.74.106
verifiedwebpage.com	unknown	2022-03-23	2022-03-23	2024-04-18	641 B	112 kB	104.18.20.187
stats.vidalytics.com	153185	2007-05-15	2017-02-08	2024-04-19	3.1 kB	2.7 kB	107.178.211.97
btm-btm-btm.lpages.co	unknown	2017-03-15	2022-07-01	2024-04-18	690 B	92 kB	35.202.21.90
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-19	6.7 kB	382 kB	142.250.74.168
js.center.io	39001	2011-09-13	2017-01-30	2024-04-19	1.6 kB	10 kB	216.239.36.21
lh3.googleusercontent.com	66	2008-11-17	2012-05-22	2024-04-18	2.7 kB	170 kB	142.250.74.97
go.behindthemarkets.com	815375	2017-03-30	2019-08-20	2024-04-18	632 B	23 kB	35.202.21.90
www.behindthemarkets-btm.com	848293	2021-03-09	2021-03-11	2024-04-18	523 B	113 kB	104.21.85.245
fast.vidalytics.com	218005	unknown	2017-02-08	2024-04-18	5.8 kB	1.2 MB	151.101.193.91
www.google.no	25607	2001-02-26	2016-04-05	2024-04-19	598 B	578 B	142.250.74.163
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-19	2.0 kB	888 B	216.239.34.36
analytics-ingress-global.bitmovin.com	47119	unknown	2017-08-18	2024-04-18	514 B	487 B	35.190.27.197
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	4.4 kB	330 kB	216.58.207.227
api.leadpages.io	33876	2014-09-17	2016-01-27	2024-04-19	4.1 kB	2.7 kB	35.192.151.63
embed.lpcontent.net	50471	2020-06-17	2020-06-20	2024-04-19	430 B	43 kB	34.107.203.240

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	thedailymoneytips.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (37)

	URL	Size	First Seen	Last Seen
	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	447 B	2023-07-16	2024-04-26
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 06:53:04 Last Seen2024-04-26 14:03:05 Times Seen34 Hash cd925e1288ecba4da9f1df422ea347a4 1fd1cb75a9de4941114a8efbd6f4aa9f17958567 8d0605590a55d52f8d5ef0294f22e84b37a420dc194027c81fc80829da6e14a5 Loading...

	go.behindthemarkets.com/8eddc2a5-50c8-4f75-968b-7e3dca5bf411	1.0 MB	2024-03-17	2024-04-26
Pretty URL go.behindthemarkets.com/8eddc2a5-50c8-4f75-968b-7e3dca5bf411 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-17 02:09:08 Last Seen2024-04-26 14:03:06 Times Seen44 Hash e91192bb73361bd71ca6c57fd7574a0b b7067fd0be088bdc811438955959baba4f75f48b fe68b0da3eb42ca233dc9558748f676f541e583efa272b9c8ac39e2be4e71744 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX	326 kB	2024-04-20	2024-04-20
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 06:46:06 Last Seen2024-04-20 06:46:06 Times Seen2 Hash 51abbbde1bc0a1ad6f836c969824a1b4 6d6627e3018c564bafad91cf18fa921f89af4b87 6b7d8f6f9af7dac55d1ab009d01d68a2794890a477c8a3010b0b885446711613 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	2.9 kB	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:40 Times Seen441 Hash a3faab281a519d4ece6839d53701c840 4d0935708bd081919188e521931ce14f3cc7c59e ae42a47bdc6093b78f0b62277fab3d311c56337621d945fbc3c68d3216fd4343 Loading...

	unknown	314 B	2023-07-16	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-16 06:53:04 Last Seen2024-04-26 14:03:05 Times Seen139 Hash 4acb04b112dbbf49b9a8988722930179 2a677bc92272c6759ac640147670bc0c01c8b2ae c482ce11ea1939e7f4038b6f34084495d4e600584f431a1a0c7a764942cebb70 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	3.6 kB	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:40 Times Seen429 Hash c164a88f770902ca8e62a5e399e32018 9d1ca269500112216a2b19d25b8c25440b2e89ba c53f0864a6382bf6866e66f734b2682161eb97cebed43234daf7ab086b4ca8c0 Loading...

	unknown	16 B	2023-04-10	2024-05-03
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57:29 Last Seen2024-05-03 14:00:03 Times Seen34241 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	515 B	2023-07-16	2024-04-26
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 06:53:04 Last Seen2024-04-26 14:03:05 Times Seen34 Hash 7f3d947309a799c40abe7a8aba6bf611 690ed64119e4dd084b0f0f74dd7439d1c9c8acc2 a69abf508914d94e454fa9d392265c42906048a33312b5ff978f1f43669d7698 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	414 B	2023-03-08	2024-04-26
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:09:05 Last Seen2024-04-26 14:03:05 Times Seen239 Hash 0f1c1e338722cb680190732c4e8e3f3e de7e63cbcce170f77302100562443128f115ecbc ee29e0be4ce3b2f3bcfeddbb30b7594cc151657feba8d3760fb9835311116216 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	582 B	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:40 Times Seen437 Hash 24959da5977b7558ff59cd5acdf88a1e 43c70045dc13d59dc973e90432261325421d8549 71e5a7aff94fa6fd0a971d99e54814a4131a061f2e361ffc73a5a6ef11d1062a Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	7.1 kB	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:40 Times Seen429 Hash 54fcbe8bf78f4a60f28e2cdb6e694d36 20b842db1ad9bd92eed8c854065b761a84f69e27 72ceea7d54bdaa348bf0f1e1545e148dd2e9c248a2ca70482f8b5f0047587b4f Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	2.5 kB	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:40 Times Seen429 Hash 0e02738ac706f2cc3dfb299a7fce970e 664081b30b8d227de4a54aca59e51f9c79986052 c36eb45451b0743dc65ca4bcfebc51511584a351ed4e6c8d98685b7eca9ddc26 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	2.2 kB	2023-05-24	2024-04-26
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-24 15:27:27 Last Seen2024-04-26 14:03:05 Times Seen84 Hash 132140ff41ff2b8093f5a0a17c2325ba 44cd600e1275977b3a737d7457f66d0c14e2cd07 5226f2e021abca13d2abd5fbda97c85f0a66841db67f2091fc1edf2bfcf91bda Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	917 B	2023-11-10	2024-04-26
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-10 14:41:22 Last Seen2024-04-26 14:03:05 Times Seen23 Hash 02fdbb89963343403ba1b939937e5f0f e538d783af07730ea293901095411df8d4947a9c cd51c5b500c4c36e57f722204130c7076cbb76614743c6cc4c5aba9f5751b2b8 Loading...

	js.center.io/center.js	13 kB	2023-03-07	2024-04-30
Pretty URL js.center.io/center.js IP 216.239.36.21 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:41 Times Seen1116 Hash 60f05ff45d707fe36d87b75bf181800d e34d94b519ed465481596bcff099467feb0aafdd cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42 Loading...

	embed.lpcontent.net/leadboxes/current/embed.js	43 kB	2023-03-07	2024-04-26
Pretty URL embed.lpcontent.net/leadboxes/current/embed.js IP 34.107.203.240 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-26 14:03:06 Times Seen641 Hash 7efcfabdb6209627ce8b016b1c4814eb f3b8ebfc5fe452333c0fa14b15b28567f30921b9 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	1.1 kB	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:40 Times Seen437 Hash f243709fadf6e072fd4fc43a139860e6 21692bdbc65edff8eca41e13d7036235f8ece36f 942275c3ece75f2592f4947d4e306a2a594de12dddd152ca13eafb747166a35c Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	5.4 kB	2023-05-15	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 23:35:04 Last Seen2024-04-30 21:01:40 Times Seen327 Hash fc0b8de8bf07fe1f20ecbf76e15f87aa 57950c0b8f0f6768b595fd74ec115f032b03f9ed cf61f4a4f3c09feac95f312fe0115655571a65979b16e2c3468cd422a1ba0b8f Loading...

	www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c	247 kB	2024-04-20	2024-04-20
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 06:46:06 Last Seen2024-04-20 06:46:06 Times Seen2 Hash 84a665c81513efd1185088ebf594ef0a b2bd593dea34f0c8a044ad642b70768d753c9000 a34191c2ccfb5a7f1949cf2350f6655f29d8ae77dbc2a323562e57e3b15db55c Loading...

	www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c	308 kB	2024-04-20	2024-04-20
Pretty URL www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 06:46:06 Last Seen2024-04-20 06:46:06 Times Seen2 Hash 610ddda2db8da5235e4653125b9dc9a7 e187065a8e28732ac31ffc9ce9e0194362bd0a54 52878353befc21139fa512dcfac412a173c3a95f0f3f17b56fdef724751023d4 Loading...

	unknown	130 B	2023-12-14	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-14 19:00:58 Last Seen2024-04-26 14:03:05 Times Seen79 Hash 5ccee94c3094f38854210fccb675d50c 4655afbce35d739a1ea597ddeab5d22865ce4812 e48cb8ba68c82d6ea5b62c5ae4026116b6aecaa78f162070dafa756ce810ac1b Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	347 B	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-30 21:01:41 Times Seen441 Hash 324d070d383d7e171663391494e4eaf1 147167b389b5672075f113a03583378a22149967 3dfd8ef986ba39418b44b6eeef78e69bb8d04e786e7479c37087cb70b4fa9c84 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/sandbox%20eval%20code	147 B	2023-04-11	2024-05-03
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-03 14:12:53 Times Seen344402 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-03
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-03 14:12:54 Times Seen343896 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	181 B	2023-03-07	2024-04-30
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:21:00 Last Seen2024-04-30 21:01:41 Times Seen412 Hash 03c6f9076ca3a4dee82dff97b28e6e5f 34e14b9e6b7f1f25bacd50142f395e4409ca74f6 74b2d22da3e536e007235a166b47e5498591fef8dd5723ffedfbf5a89cd97aa6 Loading...

	www.googletagmanager.com/gtag/js?id=AW-660882099	256 kB	2024-04-20	2024-04-20
Pretty URL www.googletagmanager.com/gtag/js?id=AW-660882099 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 06:46:06 Last Seen2024-04-20 06:46:06 Times Seen2 Hash 91444f2ce2da0f4e80ebd0a05a9a87e3 e82fc6b4395ab435f0708d01d3724e7085f8fd4a 6026b13dcec4632830ed566422777f7c620525690a5bf7827f77be930abe0098 Loading...

	fast.vidalytics.com/embeds/PzpZ_7KZ/JIC8_NDnfuEmGsqq/loader.min.js	22 kB	2024-03-22	2024-04-26
Pretty URL fast.vidalytics.com/embeds/PzpZ_7KZ/JIC8_NDnfuEmGsqq/loader.min.js IP 151.101.193.91 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-22 23:55:21 Last Seen2024-04-26 14:03:06 Times Seen22 Hash d96df41895be831daea732aedb39f24f cb56be4f419b7f4e09c89f79693efba610062bcb 68800b3687ed3423b8f54f49edd347d320bd6fcb980b488cb41c1af576e2eb11 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5	4.0 kB	2023-03-07	2024-04-26
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15:19 Last Seen2024-04-26 14:03:06 Times Seen288 Hash ab3f007f9ddbf0f4583e6002fec81753 64833abe13132a7220b56d21255b5c5a4e8a0c0f 44a8607238597f4d1d1c5bd6cce5f871b987105d969aa5d492e1f37e23aca407 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	461 B	2023-03-08	2024-04-30
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:09:05 Last Seen2024-04-30 21:01:41 Times Seen283 Hash e9565aa95958c3f427dd710f00d4a092 c596f2b7d288537ccac2c83942fe24643166ccea f36c51fc4c2bfd0402dc43fc85669439adc251635fa6db4600570b3766c07b99 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	889 B	2023-03-07	2024-04-30
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:21:00 Last Seen2024-04-30 21:01:41 Times Seen396 Hash e836a223299c66996d922f90cb0a7ed3 8bf67c5a1042829803fc04c4b047ec9f5482bf70 c77e92eba359ee71dbbc3d949be51ac51788cb30ef685ef643bf5c8961d7eff1 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	159 B	2023-07-16	2024-04-26
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 06:53:04 Last Seen2024-04-26 14:03:06 Times Seen34 Hash 79260b299239d00f2cfafdef121576a7 d0798e513e20b8b9a6bae58859a893c1df17a198 86da90cc57b229ae25f092eb29286b5973f4fb04f0fba6fa0aecdab1f71f5728 Loading...

	go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93	706 B	2024-03-17	2024-04-26
Pretty URL go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-17 02:09:08 Last Seen2024-04-26 14:03:06 Times Seen13 Hash 59e62c95be9b071c97e213aed7a8c5de 2416e271e098b01ae336c4f1f674e12efa2f636b fd578916e78844c006b4b80f966e4534f1e5cd3cb4b40f9149ee3277dd39b4e2 Loading...

		Size	First Seen	Last Seen
	#1 Eval - a434d8d70086c5b541cf953d46a6fcf9	65 B	2023-11-21	2024-04-26
Pretty Observations First Seen2023-11-21 15:38:37 Last Seen2024-04-26 14:03:06 Times Seen132 Hash a434d8d70086c5b541cf953d46a6fcf9 651ac529314c0915b3d6f9af6dbf366d5e020ab6 bd79f3bace96866d957bfa99c34951689148707899756824ce4e9c0d1726ff37 Loading...

	#2 Eval - 4fe7374212694d79957cd9a1bb8fdef2	126 B	2023-03-08	2024-04-26
Pretty Observations First Seen2023-03-08 02:09:05 Last Seen2024-04-26 14:03:06 Times Seen239 Hash 4fe7374212694d79957cd9a1bb8fdef2 010e231568ee9c1bd7f2460c5a79da7f557fcc9a 93a694caf72303625617cfe8edbe6444a43454c3e34613487a74188f783c1e58 Loading...

	#3 Eval - 70067a5e54adbe9d9567c09470b0a617	92 B	2023-03-08	2024-04-26
Pretty Observations First Seen2023-03-08 02:09:05 Last Seen2024-04-26 14:03:06 Times Seen239 Hash 70067a5e54adbe9d9567c09470b0a617 4a47e4781b5bac3cdd38247db3fb87c63336c31a ad86521431911b76d497d5ebf350060c89e901d2bed2ebfa8a0d7b751b96f860 Loading...

	#4 Eval - c562c4c65e042d8c48ba39c3cf21e111	129 B	2023-07-16	2024-04-26
Pretty Observations First Seen2023-07-16 06:53:04 Last Seen2024-04-26 14:03:06 Times Seen138 Hash c562c4c65e042d8c48ba39c3cf21e111 0e1fded0f7e2ddd263830f8fbcedc883b1e2aca9 4c2f2b659be02e1baf0cf031d327ea963e56a80bb6baa7a07967a71514205375 Loading...

	#5 Eval - 0a94139e4615771d6d97fb3d968225b2	80 B	2023-03-08	2024-04-26
Pretty Observations First Seen2023-03-08 02:09:05 Last Seen2024-04-26 14:03:06 Times Seen238 Hash 0a94139e4615771d6d97fb3d968225b2 ede8882cf509b54d78f9ae6d0983cb4466a633b6 ca0059abf25af68454df89030c51cb41e112e2fa58ebb0b2ffa85b3fc6fee883 Loading...

HTTP Transactions (66)

URL IP Response Size

click.thedailymoneytips.com/btmeodvsl0723/2ff69998b1104c325e8fa4c9724fada2/48/TA_2H23DGI/2129724604/139350/fa5e862d7c11eec74a11925f52883810/63293

104.21.33.211

302 Found

15 kB

URL User Request GET HTTP/2
click.thedailymoneytips.com/btmeodvsl0723/2ff69998b1104c325e8fa4c9724fada2/48/TA_2H23DGI/2129724604/139350/fa5e862d7c11eec74a11925f52883810/63293
IP
104.21.33.211:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectthedailymoneytips.com
FingerprintDD:16:B6:B3:71:52:64:84:6B:A4:F0:A5:6F:5C:C7:D1:14:ED:C3:1C
ValiditySat, 20 Apr 2024 00:08:31 GMT - Fri, 19 Jul 2024 00:08:30 GMT

File type
gzip compressed data, max compression
Size
15 kB (14811 bytes)
Hash
69eb3e24a5d118a13bc59a19ccf0a08a
ffaa3255222fd6eb2d79bb962fa92f773e25dfe3
067901b676ca068da1d8a45ae15813e52263257e06ca91aadaa9910304ccc27d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /btmeodvsl0723/2ff69998b1104c325e8fa4c9724fada2/48/TA_2H23DGI/2129724604/139350/fa5e862d7c11eec74a11925f52883810/63293 HTTP/1.1
Host: click.thedailymoneytips.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 20 Apr 2024 04:45:36 GMT
content-type: text/html; charset=UTF-8
location: https://verifiedwebpage.com/go?ehash=2ff69998b1104c325e8fa4c9724fada2&product=30099&ar=48&cid=2129724604&lid=139350&slhash=fa5e862d7c11eec74a11925f52883810&mtaid=63293&cid2=[s8]&cloudf_filter=1
cache-control: max-age=600
expires: Sat, 20 Apr 2024 04:55:35 GMT
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MD%2Fje5KInTRaamoMW67ChJ%2BWbhcRfyLZAhKOTAyHg8rZYcsOCxXK4EW%2BM0Cpr7IE%2BlEYfwzgQoeesByor3mG1GtMBpG%2FbiFJOgiXldyHDrFevLChsET5DbjdfLCp9qgom5MJVSxu4icVf2Ktdec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87727c594b1b568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.leadpages.net/fonts/font-awesome/6.4.2/css/all.min.css

34.107.203.240

200 OK

27 kB

URL GET HTTP/2
static.leadpages.net/fonts/font-awesome/6.4.2/css/all.min.css
IP
34.107.203.240:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.leadpages.net
FingerprintD8:FD:AD:CD:8D:45:95:5D:A9:9C:4E:AE:11:39:70:F3:A6:56:DA:77
ValidityMon, 08 Apr 2024 13:47:54 GMT - Sun, 07 Jul 2024 14:42:08 GMT

File type
ASCII text, with very long lines (52276)
Size
27 kB (26836 bytes)
Hash
5222e06b77a1692fa2520a219840e6be
8b4236206a8b86af3761a244277663046d7ff7ee
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

HTTP Headers

GET /fonts/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-cloud-trace-context: b6534fd7ba1e5ea59d10a086396a2dbd
content-encoding: gzip
server: Google Frontend
via: 1.1 google
date: Sat, 06 Apr 2024 05:03:22 GMT
expires: Sun, 06 Apr 2025 05:03:22 GMT
cache-control: public, max-age=31536000
etag: "-6uIpg"
content-type: text/css
vary: Accept-Encoding
content-length: 26836
age: 1208536
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Open+Sans:300,400,500,700

142.250.74.106

200 OK

7.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Open+Sans:300,400,500,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (1572)
Size
7.7 kB (7683 bytes)
Hash
60e015ed6e85f5ece1c6e4cfc76a45dd
7435e1d9f1a3534552d78f5a6595293ec89691a1
78cb8d2f4d488252b6c33f9da294c405975767d7242d5b640e8007220a791379

HTTP Headers

GET /css?family=Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Open+Sans:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 20 Apr 2024 04:45:38 GMT
date: Sat, 20 Apr 2024 04:45:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.leadpages.net/fonts/font-awesome/6.4.2/webfonts/fa-solid-900.woff2

34.107.203.240

200 OK

150 kB

URL GET HTTP/3
static.leadpages.net/fonts/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
IP
34.107.203.240:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.leadpages.net
FingerprintD8:FD:AD:CD:8D:45:95:5D:A9:9C:4E:AE:11:39:70:F3:A6:56:DA:77
ValidityMon, 08 Apr 2024 13:47:54 GMT - Sun, 07 Jul 2024 14:42:08 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280
Size
150 kB (150020 bytes)
Hash
d5e647388e2415268b700d3df2e30a0d
97f0942c6627ddd89fb62170e5cac9a2cbd6c98c
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9

HTTP Headers

GET /fonts/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://static.leadpages.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 0d40311953903dc970264097f96ce6ab
server: Google Frontend
via: 1.1 google
date: Sat, 06 Apr 2024 16:18:44 GMT
expires: Sun, 06 Apr 2025 16:18:44 GMT
cache-control: public, max-age=31536000
etag: "-6uIpg"
content-type: font/woff2
vary: Accept-Encoding
content-length: 150020
age: 1168014
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

142.250.74.168

200 OK

103 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (30332)
Size
103 kB (103389 bytes)
Hash
51abbbde1bc0a1ad6f836c969824a1b4
6d6627e3018c564bafad91cf18fa921f89af4b87
6b7d8f6f9af7dac55d1ab009d01d68a2794890a477c8a3010b0b885446711613

HTTP Headers

GET /gtm.js?id=GTM-WNRH3TX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 20 Apr 2024 04:45:38 GMT
expires: Sat, 20 Apr 2024 04:45:38 GMT
cache-control: private, max-age=900
last-modified: Sat, 20 Apr 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 103389
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.center.io/identify.html

216.239.36.21

200 OK

2.0 kB

URL GET HTTP/2
js.center.io/identify.html
IP
216.239.36.21:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subjectjs.center.io
Fingerprint4F:B0:A1:20:96:F5:9A:75:29:3C:B1:38:81:42:BB:1C:6E:E7:5A:A4
ValidityFri, 01 Mar 2024 18:22:06 GMT - Thu, 30 May 2024 18:58:09 GMT

File type
HTML document, ASCII text, with very long lines (612)
Size
2.0 kB (2016 bytes)
Hash
0ba3629e9c8b8af4c7a13d344978898a
c05b5c80e1eec6e630547ecfacf11eb86391e4b6
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

HTTP Headers

GET /identify.html HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-cloud-trace-context: 53dfe44929148e1e47688a476e974d7c
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Sat, 20 Apr 2024 04:44:14 GMT
expires: Sat, 20 Apr 2024 04:49:14 GMT
cache-control: public, max-age=300
age: 84
etag: "OMWYXg"
content-type: text/html
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

51 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 02:08:09 GMT
expires: Thu, 17 Apr 2025 02:08:09 GMT
cache-control: public, max-age=31536000
age: 268649
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

51 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 02:08:09 GMT
expires: Thu, 17 Apr 2025 02:08:09 GMT
cache-control: public, max-age=31536000
age: 268649
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 303480
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 01:54:31 GMT
expires: Wed, 16 Apr 2025 01:54:31 GMT
cache-control: public, max-age=31536000
age: 355867
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:35:00 GMT
expires: Fri, 18 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 180638
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c

142.250.74.168

200 OK

86 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
86 kB (86154 bytes)
Hash
84a665c81513efd1185088ebf594ef0a
b2bd593dea34f0c8a044ad642b70768d753c9000
a34191c2ccfb5a7f1949cf2350f6655f29d8ae77dbc2a323562e57e3b15db55c

HTTP Headers

GET /gtag/js?id=AW-16454845358&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 20 Apr 2024 04:45:38 GMT
expires: Sat, 20 Apr 2024 04:45:38 GMT
cache-control: private, max-age=900
last-modified: Sat, 20 Apr 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86154
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c

142.250.74.168

200 OK

100 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (15506)
Size
100 kB (100028 bytes)
Hash
610ddda2db8da5235e4653125b9dc9a7
e187065a8e28732ac31ffc9ce9e0194362bd0a54
52878353befc21139fa512dcfac412a173c3a95f0f3f17b56fdef724751023d4

HTTP Headers

GET /gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 20 Apr 2024 04:45:38 GMT
expires: Sat, 20 Apr 2024 04:45:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100028
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=AW-660882099

142.250.74.168

200 OK

88 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-660882099
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
88 kB (88442 bytes)
Hash
91444f2ce2da0f4e80ebd0a05a9a87e3
e82fc6b4395ab435f0708d01d3724e7085f8fd4a
6026b13dcec4632830ed566422777f7c620525690a5bf7827f77be930abe0098

HTTP Headers

GET /gtag/js?id=AW-660882099 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 20 Apr 2024 04:45:38 GMT
expires: Sat, 20 Apr 2024 04:45:38 GMT
cache-control: private, max-age=900
last-modified: Sat, 20 Apr 2024 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88442
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fast.vidalytics.com/embeds/PzpZ_7KZ/JIC8_NDnfuEmGsqq/loader.min.js

151.101.193.91

200 OK

7.9 kB

URL GET HTTP/2
fast.vidalytics.com/embeds/PzpZ_7KZ/JIC8_NDnfuEmGsqq/loader.min.js
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (21920), with no line terminators
Size
7.9 kB (7860 bytes)
Hash
d96df41895be831daea732aedb39f24f
cb56be4f419b7f4e09c89f79693efba610062bcb
68800b3687ed3423b8f54f49edd347d320bd6fcb980b488cb41c1af576e2eb11

HTTP Headers

GET /embeds/PzpZ_7KZ/JIC8_NDnfuEmGsqq/loader.min.js HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
x-envoy-upstream-service-time: 41
server: istio-envoy
x-envoy-decorator-operation: vidalytics-player-api.vidalytics-player-api.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: api-prod
access-control-allow-origin: *
cache-control: public, max-age=900, s-maxage=1800
x-lb-cache: disabled
content-encoding: gzip
accept-ranges: bytes
age: 372
date: Sat, 20 Apr 2024 04:45:39 GMT
x-served-by: cache-dfw-kdfw8210062-DFW, cache-hel1410022-HEL
x-cache: HIT, MISS
x-cache-hits: 9, 0
x-timer: S1713588339.896293,VS0,VE137
vary: Accept-Encoding
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7860
X-Firefox-Spdy: h2

www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&h=Ag&dl=go.behindthemarkets.com%2Fbtm-end-disease-vsl%2F&tdp=G-8R6YNFMJ23;74108444;1;6;0&rtg=12088355&rlo=4&slo=2&z=0

142.250.74.168

200 OK

0 B

URL GET HTTP/3
www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&h=Ag&dl=go.behindthemarkets.com%2Fbtm-end-disease-vsl%2F&tdp=G-8R6YNFMJ23;74108444;1;6;0&rtg=12088355&rlo=4&slo=2&z=0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&h=Ag&dl=go.behindthemarkets.com%2Fbtm-end-disease-vsl%2F&tdp=G-8R6YNFMJ23;74108444;1;6;0&rtg=12088355&rlo=4&slo=2&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 04:45:39 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/td?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&h=Ag&dl=go.behindthemarkets.com%2Fbtm-end-disease-vsl%2F&tdp=G-8R6YNFMJ23;74108444;1;6;0&rtg=12088355&rlo=4&slo=2&z=0

142.250.74.168

204 No Content

0 B

URL GET HTTP/3
www.googletagmanager.com/td?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&h=Ag&dl=go.behindthemarkets.com%2Fbtm-end-disease-vsl%2F&tdp=G-8R6YNFMJ23;74108444;1;6;0&rtg=12088355&rlo=4&slo=2&z=0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /td?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAAAg&h=Ag&dl=go.behindthemarkets.com%2Fbtm-end-disease-vsl%2F&tdp=G-8R6YNFMJ23;74108444;1;6;0&rtg=12088355&rlo=4&slo=2&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Sat, 20 Apr 2024 04:45:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init&eid=0&u=AAAAAAAAAAAAAAAg&h=Ag&tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ccdgaadslink.1ogtgooglesignals.1ccdgaregscope.1ccdemdownload.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ogteventedit.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ccdautoredact.1ccdgalast&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ccdgaadslink.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ogteventedit.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ccdautoredact.2ccdgalast&z=0

142.250.74.168

200 OK

0 B

URL GET HTTP/3
www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init&eid=0&u=AAAAAAAAAAAAAAAg&h=Ag&tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ccdgaadslink.1ogtgooglesignals.1ccdgaregscope.1ccdemdownload.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ogteventedit.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ccdautoredact.1ccdgalast&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ccdgaadslink.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ogteventedit.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ccdautoredact.2ccdgalast&z=0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.init&eid=0&u=AAAAAAAAAAAAAAAg&h=Ag&tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ccdgaadslink.1ogtgooglesignals.1ccdgaregscope.1ccdemdownload.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ogteventedit.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ogteventcreate.1ccdautoredact.1ccdgalast&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ccdgaadslink.2ogtgooglesignals.2ccdgaregscope.2ccdemdownload.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ogteventedit.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ogteventcreate.2ccdautoredact.2ccdgalast&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 04:45:39 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtag.config&eid=1&u=AAAAAAAIAAAAAIAg&h=Ag&epr=1G.2G&tr=1gct&ti=1gct&z=0

142.250.74.168

200 OK

0 B

URL GET HTTP/3
www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtag.config&eid=1&u=AAAAAAAIAAAAAIAg&h=Ag&epr=1G.2G&tr=1gct&ti=1gct&z=0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtag.config&eid=1&u=AAAAAAAIAAAAAIAg&h=Ag&epr=1G.2G&tr=1gct&ti=1gct&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 04:45:39 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=*&eid=8&u=AAAAAAAIIAAAAIAg&h=Ag&z=0

142.250.74.168

200 OK

0 B

URL GET HTTP/3
www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=*&eid=8&u=AAAAAAAIIAAAAIAg&h=Ag&z=0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=*&eid=8&u=AAAAAAAIIAAAAIAg&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 04:45:39 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&u=AAAAAAAIIAAAAIAg&h=Ag&epr=1G.3G&z=0

142.250.74.168

200 OK

0 B

URL GET HTTP/3
www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&u=AAAAAAAIIAAAAIAg&h=Ag&epr=1G.3G&z=0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&u=AAAAAAAIIAAAAIAg&h=Ag&epr=1G.3G&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 04:45:39 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=391506763.1713588339&gtm=45je44h0v874108444z8812088355za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1157561378

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=391506763.1713588339&gtm=45je44h0v874108444z8812088355za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1157561378
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint4E:BD:F9:72:97:67:A2:4B:EE:E4:B0:03:CD:C8:F3:30:53:27:53:1D
ValidityMon, 18 Mar 2024 20:50:06 GMT - Mon, 10 Jun 2024 20:50:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=391506763.1713588339&gtm=45je44h0v874108444z8812088355za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=1157561378 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 20 Apr 2024 04:45:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/1JBzk5OTIUlpS2duyosd--_s7_rVDs6XTyQfJD9YRTUFq4SMvAJgRmjxVxnvMk4UQJEXQtQatxo615aDSUSWNTO-XnwNUagGgms=s16

142.250.74.97

200 OK

360 B

URL GET HTTP/2
lh3.googleusercontent.com/1JBzk5OTIUlpS2duyosd--_s7_rVDs6XTyQfJD9YRTUFq4SMvAJgRmjxVxnvMk4UQJEXQtQatxo615aDSUSWNTO-XnwNUagGgms=s16
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Picasa], baseline, precision 8, 16x8, components 3
Size
360 B (360 bytes)
Hash
3905f679f050fe380205b8baba160b20
cda34b70abb76b07c2252e62494657b1fdac937d
7c7ae1ae3ea1aa0d5292a13a63ec43da9bb35602047810d5e221da036c6e06b6

HTTP Headers

GET /1JBzk5OTIUlpS2duyosd--_s7_rVDs6XTyQfJD9YRTUFq4SMvAJgRmjxVxnvMk4UQJEXQtQatxo615aDSUSWNTO-XnwNUagGgms=s16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 360
x-xss-protection: 0
date: Sat, 20 Apr 2024 04:25:54 GMT
expires: Sun, 21 Apr 2024 04:25:54 GMT
cache-control: public, max-age=86400, no-transform
age: 1185
etag: "v1"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/tt2DPU2PRU88zJWVilJgcb8EYEAbe5isdg3o_3AwHs538iLTnjJFcL8q1R8x2Kc4Ru9eGg5g1n_BohLuISxBf1CijFvq3lhguVY9=w16

142.250.74.97

200 OK

251 B

URL GET HTTP/2
lh3.googleusercontent.com/tt2DPU2PRU88zJWVilJgcb8EYEAbe5isdg3o_3AwHs538iLTnjJFcL8q1R8x2Kc4Ru9eGg5g1n_BohLuISxBf1CijFvq3lhguVY9=w16
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
PNG image data, 16 x 3, 8-bit/color RGBA, non-interlaced
Size
251 B (251 bytes)
Hash
b73a89df13870206d4104c99ec9973c5
dba02bf1f1c06839760da64a0739327a0d20019b
47901a3ecf1fc1e211131e3e6453422084b56e34b9a4ef14a123e48168c62937

HTTP Headers

GET /tt2DPU2PRU88zJWVilJgcb8EYEAbe5isdg3o_3AwHs538iLTnjJFcL8q1R8x2Kc4Ru9eGg5g1n_BohLuISxBf1CijFvq3lhguVY9=w16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 251
x-xss-protection: 0
date: Sat, 20 Apr 2024 02:47:21 GMT
expires: Sun, 21 Apr 2024 02:47:21 GMT
cache-control: public, max-age=86400, no-transform
age: 7098
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93

35.202.21.90

200 OK

23 kB

URL User Request GET HTTP/2
go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
IP
35.202.21.90:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerLet's Encrypt
Subjectgo.behindthemarkets.com
Fingerprint4A:3D:1B:98:93:1B:AD:19:29:33:73:D5:E7:97:F3:FE:CD:F6:00:39
ValidityMon, 25 Mar 2024 11:10:43 GMT - Sun, 23 Jun 2024 11:10:42 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (46815)
Size
23 kB (22697 bytes)
Hash
564c7c5d276d2b2f7ee34c3bdd7a13bc
6cdd4b887c006333f582f6494580670f6d0d8b7c
f80f31f1346774bca9b3348f3de3bb40c5ebdef7cb793964b7c8f441f9d7c733

HTTP Headers

GET /btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93 HTTP/1.1
Host: go.behindthemarkets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 04:45:37 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache
x-cache: MISS, HIT
etag: W/"2b4b9e55bf2186d3522c0db2d2893eb5"
last-modified: Fri, 01 Mar 2024 15:07:49 GMT
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br
X-Firefox-Spdy: h2

fast.vidalytics.com/players/v.4.3.3.000-vid-prod/player.min.js

151.101.193.91

200 OK

266 kB

URL GET HTTP/3
fast.vidalytics.com/players/v.4.3.3.000-vid-prod/player.min.js
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
266 kB (266243 bytes)
Hash
e91192bb73361bd71ca6c57fd7574a0b
b7067fd0be088bdc811438955959baba4f75f48b
fe68b0da3eb42ca233dc9558748f676f541e583efa272b9c8ac39e2be4e71744

HTTP Headers

GET /players/v.4.3.3.000-vid-prod/player.min.js HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 266243
x-guploader-uploadid: ABPtcPpE4K4hRFg91e5Swdl_ZNzVkGeFwemz67K0KxgmERb1lyi0gDJW7co_XmY1-LU9C9RkcxYIQsXYxA
cache-control: public, max-age=86400, s-maxage=2592000
expires: Wed, 10 Apr 2024 08:41:05 GMT
last-modified: Mon, 11 Mar 2024 08:36:30 GMT
etag: "23462b16f3d8a48814f6f216d08b940c"
x-goog-generation: 1710146190347127
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 266243
x-goog-meta-surrogate-key: player-versioned
content-type: application/javascript
content-encoding: gzip
x-goog-hash: crc32c=hXdP3Q==, md5=I0YrFvPYpIgU9vIW0IuUDA==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
age: 1298184
date: Sat, 20 Apr 2024 04:45:39 GMT
x-served-by: cache-dfw-kdfw8210130-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 171216, 0
x-timer: S1713588339.352615,VS0,VE1
vary: Accept-Encoding
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

static.leadpages.net/images/favicon.ico

34.107.203.240

2.6 kB

URL GET
static.leadpages.net/images/favicon.ico
IP
34.107.203.240:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.leadpages.net
FingerprintD8:FD:AD:CD:8D:45:95:5D:A9:9C:4E:AE:11:39:70:F3:A6:56:DA:77
ValidityMon, 08 Apr 2024 13:47:54 GMT - Sun, 07 Jul 2024 14:42:08 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
2.6 kB (2594 bytes)
Hash
0210a839146c090d313d070610e16bd2
f87bd57affad1046bf0f44db93f7c23304e43d55
76da9be859d0d9cd9ffa30b9aa9d07a34164acba1ec512c61bd1b7854c1fab7b

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 0908cc6a505c2d45d3a930af5358f2dd
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 2594
date: Sat, 20 Apr 2024 04:45:39 GMT
expires: Sat, 20 Apr 2024 04:50:39 GMT
cache-control: public, max-age=300
etag: "-6uIpg"
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=gzGB4eAjwGphCnmd3AzGgg&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=A48abqfuLZmXk5XcufFpnz&sid=n6hRdP9N3PfaV2vPuttrGn&cid=lp-gzGB4eAjwGphCnmd3AzGgg&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&rf=&rx=1280&ry=1024&tz=%2B00%3A00

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=gzGB4eAjwGphCnmd3AzGgg&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=A48abqfuLZmXk5XcufFpnz&sid=n6hRdP9N3PfaV2vPuttrGn&cid=lp-gzGB4eAjwGphCnmd3AzGgg&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&rf=&rx=1280&ry=1024&tz=%2B00%3A00
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
FingerprintC2:01:5A:85:07:D6:83:B5:63:23:55:57:C7:29:71:A6:B9:7C:EC:3E
ValidityWed, 21 Feb 2024 18:48:20 GMT - Tue, 21 May 2024 18:48:19 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/events/capture?k=view&a=leadpage&l=gzGB4eAjwGphCnmd3AzGgg&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=A48abqfuLZmXk5XcufFpnz&sid=n6hRdP9N3PfaV2vPuttrGn&cid=lp-gzGB4eAjwGphCnmd3AzGgg&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&rf=&rx=1280&ry=1024&tz=%2B00%3A00 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
access-control-allow-origin: https://go.behindthemarkets.com
Server: Stargate
x-request-id: 02lnrt3vjcmjgno9ui4g
Date: Sat, 20 Apr 2024 04:45:39 GMT
access-control-allow-credentials: true
set-cookie: view.bb4wMKcXKB896PwqF4vMVT-default-prop.gzGB4eAjwGphCnmd3AzGgg=1713588339000; Domain=api.leadpages.io; expires=Sun, 21 Apr 2024 04:45:39 GMT; httponly; Max-Age=86400; Path=/analytics/v1/events/capture; SameSite=None; secure
X-Forwarded-For: 91.90.42.154

lh3.googleusercontent.com/1JBzk5OTIUlpS2duyosd--_s7_rVDs6XTyQfJD9YRTUFq4SMvAJgRmjxVxnvMk4UQJEXQtQatxo615aDSUSWNTO-XnwNUagGgms=w1280

142.250.74.97

200 OK

98 kB

URL GET HTTP/2
lh3.googleusercontent.com/1JBzk5OTIUlpS2duyosd--_s7_rVDs6XTyQfJD9YRTUFq4SMvAJgRmjxVxnvMk4UQJEXQtQatxo615aDSUSWNTO-XnwNUagGgms=w1280
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 626x313, components 3
Size
98 kB (97455 bytes)
Hash
1dfda527ae2e8c20a9cdc1af8ea62920
15bb3b94592975552310816c663d435a5a9f9623
961b4dc079eeceb667a4db3ed9a4ad73482d1c32de88e5bb43e17fa0f49255fc

HTTP Headers

GET /1JBzk5OTIUlpS2duyosd--_s7_rVDs6XTyQfJD9YRTUFq4SMvAJgRmjxVxnvMk4UQJEXQtQatxo615aDSUSWNTO-XnwNUagGgms=w1280 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 97455
x-xss-protection: 0
date: Sat, 20 Apr 2024 04:25:54 GMT
expires: Sun, 21 Apr 2024 04:25:54 GMT
cache-control: public, max-age=86400, no-transform
age: 1185
etag: "v1"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=44assETX84qBbGg2xNgF7U&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=136,1,Xsan3PT3SpYNWmDrZuZwkm

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=44assETX84qBbGg2xNgF7U&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=136,1,Xsan3PT3SpYNWmDrZuZwkm
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
FingerprintC2:01:5A:85:07:D6:83:B5:63:23:55:57:C7:29:71:A6:B9:7C:EC:3E
ValidityWed, 21 Feb 2024 18:48:20 GMT - Tue, 21 May 2024 18:48:19 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=44assETX84qBbGg2xNgF7U&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=136,1,Xsan3PT3SpYNWmDrZuZwkm HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
access-control-allow-origin: https://go.behindthemarkets.com
Server: Stargate
x-request-id: 02lnrt5jsad0bjd5ld10
Date: Sat, 20 Apr 2024 04:45:39 GMT
access-control-allow-credentials: true
X-Forwarded-For: 91.90.42.154

lh3.googleusercontent.com/tt2DPU2PRU88zJWVilJgcb8EYEAbe5isdg3o_3AwHs538iLTnjJFcL8q1R8x2Kc4Ru9eGg5g1n_BohLuISxBf1CijFvq3lhguVY9=w1064

142.250.74.97

200 OK

69 kB

URL GET HTTP/3
lh3.googleusercontent.com/tt2DPU2PRU88zJWVilJgcb8EYEAbe5isdg3o_3AwHs538iLTnjJFcL8q1R8x2Kc4Ru9eGg5g1n_BohLuISxBf1CijFvq3lhguVY9=w1064
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
PNG image data, 1064 x 197, 8-bit/color RGBA, non-interlaced
Size
69 kB (69027 bytes)
Hash
9b97f6e005b2f1a8e177cc4eb518a109
bbdb7e214525ba28bd16766e81ad9cabd361569d
aaae268765615295c8949b10bcbd2cbca39703e2e7366fd8c52ae1aa536a1435

HTTP Headers

GET /tt2DPU2PRU88zJWVilJgcb8EYEAbe5isdg3o_3AwHs538iLTnjJFcL8q1R8x2Kc4Ru9eGg5g1n_BohLuISxBf1CijFvq3lhguVY9=w1064 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 69027
x-xss-protection: 0
date: Sat, 20 Apr 2024 04:25:55 GMT
expires: Sun, 21 Apr 2024 04:25:55 GMT
cache-control: public, max-age=86400, no-transform
age: 1184
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css

34.107.203.240

200 OK

15 kB

URL GET HTTP/3
static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
IP
34.107.203.240:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.leadpages.net
FingerprintD8:FD:AD:CD:8D:45:95:5D:A9:9C:4E:AE:11:39:70:F3:A6:56:DA:77
ValidityMon, 08 Apr 2024 13:47:54 GMT - Sun, 07 Jul 2024 14:42:08 GMT

File type
ASCII text, with very long lines (58749)
Size
15 kB (14628 bytes)
Hash
84d8ad2b4fcdc0f0c58247e778133b3a
6f33eae92d42fe209167139940a0ad6a3c6c167e
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

HTTP Headers

GET /fonts/font-awesome/5.14.0/css/all.min.css HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
x-cloud-trace-context: a87fb2cc080ce9432cd1ecfa2fd9e2f5
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 14628
date: Thu, 28 Mar 2024 07:22:21 GMT
expires: Fri, 28 Mar 2025 07:22:21 GMT
cache-control: public, max-age=31536000
age: 1977798
etag: "-6uIpg"
content-type: text/css
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

js.center.io/center.js

216.239.36.21

200 OK

5.4 kB

URL GET HTTP/2
js.center.io/center.js
IP
216.239.36.21:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subjectjs.center.io
Fingerprint4F:B0:A1:20:96:F5:9A:75:29:3C:B1:38:81:42:BB:1C:6E:E7:5A:A4
ValidityFri, 01 Mar 2024 18:22:06 GMT - Thu, 30 May 2024 18:58:09 GMT

File type
JavaScript source, ASCII text, with very long lines (566)
Size
5.4 kB (5417 bytes)
Hash
60f05ff45d707fe36d87b75bf181800d
e34d94b519ed465481596bcff099467feb0aafdd
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

HTTP Headers

GET /center.js HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Cookie: centerVisitorId=A48abqfuLZmXk5XcufFpnz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-cloud-trace-context: 36f3070525bdb75cd2a86b4eb5e69919
content-encoding: gzip
server: Google Frontend
content-length: 5417
date: Sat, 20 Apr 2024 04:42:12 GMT
expires: Sat, 20 Apr 2024 04:47:12 GMT
cache-control: public, max-age=300
age: 207
etag: "OMWYXg"
content-type: application/javascript
X-Firefox-Spdy: h2

fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2

216.58.207.227

200 OK

45 kB

URL GET HTTP/2
fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44584, version 1.0
Size
45 kB (44584 bytes)
Hash
e04669366cda1aca21161f9e22bac3ae
157532ec5cdb07c395eb96aa6e9d0de1eeb869a7
43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47

HTTP Headers

GET /s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44584
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:38:34 GMT
expires: Fri, 18 Apr 2025 02:38:34 GMT
cache-control: public, max-age=31536000
age: 180425
last-modified: Mon, 03 Apr 2023 20:46:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:35:00 GMT
expires: Fri, 18 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 180639
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:35:00 GMT
expires: Fri, 18 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 180639
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je44h0v874108444z8812088355za200&_p=1713588338589&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=391506763.1713588339&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713588339&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&dt=BTM%20-%20End%20Disease%20-%20VSL&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0&tfd=3612

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je44h0v874108444z8812088355za200&_p=1713588338589&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=391506763.1713588339&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713588339&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&dt=BTM%20-%20End%20Disease%20-%20VSL&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0&tfd=3612
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je44h0v874108444z8812088355za200&_p=1713588338589&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=391506763.1713588339&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713588339&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&dt=BTM%20-%20End%20Disease%20-%20VSL&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0&tfd=3612 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Sat, 20 Apr 2024 04:45:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.center.io/identify.html

216.239.36.21

200 OK

2.0 kB

URL GET HTTP/2
js.center.io/identify.html
IP
216.239.36.21:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subjectjs.center.io
Fingerprint4F:B0:A1:20:96:F5:9A:75:29:3C:B1:38:81:42:BB:1C:6E:E7:5A:A4
ValidityFri, 01 Mar 2024 18:22:06 GMT - Thu, 30 May 2024 18:58:09 GMT

File type
HTML document, ASCII text, with very long lines (612)
Size
2.0 kB (2016 bytes)
Hash
0ba3629e9c8b8af4c7a13d344978898a
c05b5c80e1eec6e630547ecfacf11eb86391e4b6
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

HTTP Headers

GET /identify.html HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Cookie: centerVisitorId=A48abqfuLZmXk5XcufFpnz
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-cloud-trace-context: 1eb4c7444fa8e0de214caf8e2438575f
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Sat, 20 Apr 2024 04:43:41 GMT
expires: Sat, 20 Apr 2024 04:48:41 GMT
cache-control: public, max-age=300
age: 118
etag: "OMWYXg"
content-type: text/html
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/stream.m3u8

151.101.193.91

200 OK

1.2 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/stream.m3u8
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
1.2 kB (1190 bytes)
Hash
46d1133df22215a49a063934b2dbf311
9d593efd3cbee2fa87dffae771c1a4e039efa984
062a063c4d24e598ea41b8218946716f27c04f33a2a8412d1b153720e078fe60

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/stream.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 1190
x-guploader-uploadid: ABPtcPo74lYgRgQ7nZlCeDv01l2l8U211rrCmSGowAtPu4mv6Eg92YcqfZn3q9oOeav-TgREVCjOE3XysQ
cache-control: public, max-age=31104000
expires: Wed, 15 Jan 2025 09:07:35 GMT
last-modified: Wed, 01 Nov 2023 16:33:17 GMT
etag: "46d1133df22215a49a063934b2dbf311"
x-goog-generation: 1698856397663209
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1190
content-type: application/vnd.apple.mpegurl
x-goog-hash: crc32c=I2T/lw==, md5=RtETPfIiFaSaBjk0stvzEQ==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:39 GMT
age: 1012611
x-served-by: cache-dfw-kdfw8210035-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 2122, 4
x-timer: S1713588340.964818,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/thumb/preview-5_0.jpg

151.101.193.91

200 OK

1.8 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/thumb/preview-5_0.jpg
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 107x60, components 3
Size
1.8 kB (1766 bytes)
Hash
e0dd2531c58128ab626a5f258eff8b6c
2a2859b25d9a48cbce44c406ed5309d38bfe7abe
414543d2fd0b68e6101d285dace0630fdb8d0b04774b7322c3a3eb39dca7eafc

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/thumb/preview-5_0.jpg HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 1766
x-guploader-uploadid: ABPtcPrgSjQPf66RW4GUUsCzgMpRkdPVEeicjJNptYdLUYl2DhZ_d0vyo-U8bFG2tTg7pjrpn5MeMhL0cg
cache-control: public, max-age=31104000
expires: Mon, 31 Mar 2025 02:29:46 GMT
last-modified: Wed, 01 Nov 2023 15:47:57 GMT
etag: "e0dd2531c58128ab626a5f258eff8b6c"
x-goog-generation: 1698853677804332
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1766
content-type: image/jpeg
x-goog-hash: crc32c=YYMNfA==, md5=4N0lMcWBKKtial8ljv+LbA==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:39 GMT
age: 1304153
x-served-by: cache-dfw-kdal2120114-DFW, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 695, 4
x-timer: S1713588340.977991,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/video_TS_h264_aac_96000_1280x720_2500000_variant.m3u8

151.101.193.91

200 OK

50 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/video_TS_h264_aac_96000_1280x720_2500000_variant.m3u8
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
50 kB (49891 bytes)
Hash
9a0cc094db4290929505720d63eb4e9d
edec0ff92ecfe853e5f13b3c0f1ebcf2d53492a9
28b9a727da2c7d52020b053aed15481a4a27b2bb0df67f2d299cf058c894cd8d

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/video_TS_h264_aac_96000_1280x720_2500000_variant.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 49891
x-guploader-uploadid: ABPtcPqW3A-oaz5rbNQdmh4EzfVf7LUGW8e127EwCbKVhv-iz4kJMihi1ieJZ7hT1Gv5SeQOALU
cache-control: public, max-age=31104000
expires: Sat, 15 Feb 2025 20:34:52 GMT
last-modified: Wed, 01 Nov 2023 16:33:17 GMT
etag: "9a0cc094db4290929505720d63eb4e9d"
x-goog-generation: 1698856397666776
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 49891
content-type: application/vnd.apple.mpegurl
x-goog-hash: crc32c=d0dQBg==, md5=mgzAlNtCkJKVBXINY+tOnQ==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:39 GMT
age: 5040648
x-served-by: cache-dfw-kdal2120066-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 176, 5
x-timer: S1713588340.989894,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/audio_TS_h264_aac_96000_variant.m3u8

151.101.193.91

200 OK

39 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/audio_TS_h264_aac_96000_variant.m3u8
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
39 kB (38611 bytes)
Hash
948f7ac97db7463b5f4a0d7c6d4848e5
e7cce766f0371c869216527adfbf6f2c4034aa0f
cc2b10817f0f53a786420be87f9720771638edd3b7a888c274ce685f7e087c84

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/audio_TS_h264_aac_96000_variant.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 38611
x-guploader-uploadid: ABPtcPp-liXpc-9ChCo6nFXdqQQWSMYjiOqKrd0KsoiUahyblGvY3xEyIx2ZIMuxHxuGAA3uJzI
cache-control: public, max-age=31104000
expires: Thu, 03 Apr 2025 12:42:26 GMT
last-modified: Wed, 01 Nov 2023 16:33:17 GMT
etag: "948f7ac97db7463b5f4a0d7c6d4848e5"
x-goog-generation: 1698856397581797
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 38611
content-type: application/vnd.apple.mpegurl
x-goog-hash: crc32c=PESr9g==, md5=lI96yX23RjtfSg18bUhI5Q==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:39 GMT
age: 1008193
x-served-by: cache-dfw-kdal2120039-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 1683, 4
x-timer: S1713588340.992106,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/video/1280x720_h264_2500000/1.ts

151.101.193.91

200 OK

620 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/video/1280x720_h264_2500000/1.ts
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
MPEG transport stream data
Size
620 kB (620400 bytes)
Hash
64b75a21968e3482ef5ff9fda1df19a9
244114f9e2fb1c751f09224046a76d16d2df7c56
37040c79dcea7eb9005373217f48188a318401e56c55f192a0a64a22e5158064

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/video/1280x720_h264_2500000/1.ts HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 620400
x-guploader-uploadid: ABPtcPr0HI39hlfH8uRoGmON1xCQQxEBV0Ckf1Omn_B3kO5RvexTSwR9F1PKqrHmbCkpoQqYRR8udCgBy5cjZ9D9uHUzp-Z6c3b2
cache-control: public, max-age=31104000
expires: Tue, 29 Oct 2024 08:53:09 GMT
last-modified: Wed, 01 Nov 2023 16:28:18 GMT
etag: "64b75a21968e3482ef5ff9fda1df19a9"
x-goog-generation: 1698856098890113
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 620400
content-type: video/mp2t
x-goog-hash: crc32c=LrjFGA==, md5=ZLdaIZaONILvX/n9od8ZqQ==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
age: 3786788
date: Sat, 20 Apr 2024 04:45:40 GMT
x-served-by: cache-dfw-kdfw8210077-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 4632, 0
x-timer: S1713588340.020531,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/audio/aac_96000/1.ts

151.101.193.91

200 OK

52 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/audio/aac_96000/1.ts
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
MPEG transport stream data
Size
52 kB (52076 bytes)
Hash
245cccb5261f4ad8e905148cb356ad50
c0fff22a0299189e2e8c4be9dc9847b425a1b6a7
6ccc7179498f8e470ca92b8c53cac1f7ee7ec65d2569289c3b97e1658208c863

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/audio/aac_96000/1.ts HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 52076
x-guploader-uploadid: ABPtcPrXeIipZD8npUfwW1W5jxXP_Q7DIHu5fFY0ycWy1NHSda4zq2oQJhuT0OXougBAlUACRwHGYe3G3uGcQW3S0ZDdnZ3u_XT3
cache-control: public, max-age=31104000
expires: Sat, 26 Oct 2024 18:30:47 GMT
last-modified: Wed, 01 Nov 2023 16:30:10 GMT
etag: "245cccb5261f4ad8e905148cb356ad50"
x-goog-generation: 1698856210456030
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 52076
content-type: video/mp2t
x-goog-hash: crc32c=bI4Lmw==, md5=JFzMtSYfStjpBRSMs1atUA==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:40 GMT
age: 994387
x-served-by: cache-dfw-kdfw8210099-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 755, 4
x-timer: S1713588340.031774,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/video_TS_h264_aac_96000_1920x1080_4000000_variant.m3u8

151.101.193.91

200 OK

51 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/video_TS_h264_aac_96000_1920x1080_4000000_variant.m3u8
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
51 kB (50831 bytes)
Hash
5950a8f430aa3b4dee44f2ba58c9222e
c08c28ef9160a04309f1ca4000d8228a20001167
8a9484548074a186c6e99d528b022c0681696dcaf344a03b793e2395a4b9e617

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/video_TS_h264_aac_96000_1920x1080_4000000_variant.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 50831
x-guploader-uploadid: ABPtcPqfDT5uj6rlHtap1ucW36BElCNd4Rd8tHAMEcbaMdchjxHyauq51ldwtDDBq6-ZnOR1aZi1_6isWps07s_wPoP3Ig
cache-control: public, max-age=31104000
expires: Mon, 11 Nov 2024 11:42:45 GMT
last-modified: Wed, 01 Nov 2023 16:33:17 GMT
etag: "5950a8f430aa3b4dee44f2ba58c9222e"
x-goog-generation: 1698856397642547
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 50831
content-type: application/vnd.apple.mpegurl
x-goog-hash: crc32c=YmJpxQ==, md5=WVCo9DCqO03uRPK6WMkiLg==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:40 GMT
age: 1118450
x-served-by: cache-dfw-kdfw8210153-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 2678, 4
x-timer: S1713588340.206200,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/audio/aac_96000/2.ts

151.101.193.91

200 OK

53 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/audio/aac_96000/2.ts
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
MPEG transport stream data
Size
53 kB (52640 bytes)
Hash
339d749759f90783fa3b72a798d818ea
8a5706e33a5b69e112e8ed1aafbeaaada70bd5e0
f0373e3ddd83f795c6798be567390242d68ace52e85cca288083416e412b678e

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/ts/audio/aac_96000/2.ts HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 52640
x-guploader-uploadid: ABPtcPrm6fp0M-_vRA8E_ETI0cfZ6zdCavntcR-Od9i-PczBOpF3xotRcJHZ7IMeyujJwf7c38-6QjTCHg
cache-control: public, max-age=31104000
expires: Sun, 26 Jan 2025 21:07:24 GMT
last-modified: Wed, 01 Nov 2023 16:30:11 GMT
etag: "339d749759f90783fa3b72a798d818ea"
x-goog-generation: 1698856211611606
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 52640
content-type: video/mp2t
x-goog-hash: crc32c=CAoRrQ==, md5=M510l1n5B4P6O3KnmNgY6g==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:40 GMT
age: 1275862
x-served-by: cache-dfw-kdfw8210110-DFW, cache-hel1410030-HEL
x-cache: HIT, HIT
x-cache-hits: 695, 5
x-timer: S1713588340.207408,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

analytics-ingress-global.bitmovin.com/licensing

35.190.27.197

200 OK

77 B

URL POST HTTP/2
analytics-ingress-global.bitmovin.com/licensing
IP
35.190.27.197:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoDaddy.com, Inc.
Subject*.bitmovin.com
FingerprintA3:12:09:E0:2B:6B:C9:36:D1:AE:E8:38:F4:5F:1B:F6:B2:47:16:3C
ValidityMon, 08 May 2023 12:46:05 GMT - Sat, 08 Jun 2024 12:46:05 GMT

File type
JSON text data
Size
77 B (77 bytes)
Hash
40f9443d5dc02e385b00b24c1f570269
c0e65fe8f73334d638173b9e33eff4f36d913104
ea71115c171f3b6874e256a1ff1e30431229a21b584371e0b36eae66cb5d2d9f

HTTP Headers

POST /licensing HTTP/1.1
Host: analytics-ingress-global.bitmovin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 110
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: v1.62.1
date: Sat, 20 Apr 2024 04:45:39 GMT
content-type: application/json
content-length: 77
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/thumb/thumbnail-5_0.jpg

151.101.193.91

200 OK

55 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/thumb/thumbnail-5_0.jpg
IP
151.101.193.91:443
ASN
#54113 FASTLY

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1920x1080, components 3
Size
55 kB (54963 bytes)
Hash
6ddabd7b257633af8f2be4cc53da7585
04156080830268cb33760c2e7c3415d2de773d34
51faf1ff42137f7635b3c02153724e24775c4c4d75bd6483ca51411baad84ffa

HTTP Headers

GET /video/PzpZ_7KZ/JfgqHqA_bmhNHVAt/114677/116439__FFMPEG/thumb/thumbnail-5_0.jpg HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 54963
x-guploader-uploadid: ABPtcPoLd-7Suk-I_XSJ0Ou0Kxf9sNTL00CkiWr3evFKpq8sZigWBZXI2ynzEJEIJiVDDoQer9ffucfTccG-YiMlvUqQaGxpiUxb
cache-control: public, max-age=31104000
expires: Sat, 26 Oct 2024 18:30:47 GMT
last-modified: Wed, 01 Nov 2023 15:47:57 GMT
etag: "6ddabd7b257633af8f2be4cc53da7585"
x-goog-generation: 1698853677808355
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 54963
content-type: image/jpeg
x-goog-hash: crc32c=GpH4Dw==, md5=bdq9eyV2M6+PK+TMU9p1hQ==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
server: UploadServer
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-lb-backend: gcs-prod
x-lb-cache: miss
accept-ranges: bytes
date: Sat, 20 Apr 2024 04:45:40 GMT
age: 1096274
x-served-by: cache-dfw-kdfw8210025-DFW, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 1230, 4
x-timer: S1713588340.198680,VS0,VE0
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
x-cdn: 5
x-cdn-site: c5-prod
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=22,282,273,579,4,752,1074,1119,2712,2714

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=22,282,273,579,4,752,1074,1119,2712,2714
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
FingerprintC2:01:5A:85:07:D6:83:B5:63:23:55:57:C7:29:71:A6:B9:7C:EC:3E
ValidityWed, 21 Feb 2024 18:48:20 GMT - Tue, 21 May 2024 18:48:19 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=22,282,273,579,4,752,1074,1119,2712,2714 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
x-request-id: 02lnrtb5mhk50srsp7t0
Date: Sat, 20 Apr 2024 04:45:40 GMT
access-control-allow-credentials: true
access-control-expose-headers: LP-Security-Token
X-Forwarded-For: 91.90.42.154

stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ

107.178.211.97

200 OK

43 B

URL GET HTTP/2
stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /awesome-log?cid=PzpZ_7KZ HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-headers: Accept, Content-Type, Origin, Range, X-Requested-With
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
cache-control: no-cache, public, max-age=2592000
content-length: 43
content-type: image/gif
etag: "PzpZ_7KZ/9B8pmCSjc2AFcJmv"
date: Sat, 20 Apr 2024 04:45:40 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=44assETX84qBbGg2xNgF7U&kind=timer&label=lb_embed_leadbox_load&value=782

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=44assETX84qBbGg2xNgF7U&kind=timer&label=lb_embed_leadbox_load&value=782
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
FingerprintC2:01:5A:85:07:D6:83:B5:63:23:55:57:C7:29:71:A6:B9:7C:EC:3E
ValidityWed, 21 Feb 2024 18:48:20 GMT - Tue, 21 May 2024 18:48:19 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=44assETX84qBbGg2xNgF7U&kind=timer&label=lb_embed_leadbox_load&value=782 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
access-control-allow-credentials: true
Server: Stargate
x-request-id: 02lnrtcml5bk7l7bpto0
Date: Sat, 20 Apr 2024 04:45:40 GMT
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 91.90.42.154

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 4620
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Sat, 20 Apr 2024 04:45:40 GMT
content-length: 16
x-envoy-upstream-service-time: 2
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.load&eid=20&u=AgAAAAAIIAAAAIAg&h=Ag&z=0

142.250.74.168

200 OK

0 B

URL GET HTTP/3
www.googletagmanager.com/a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.load&eid=20&u=AgAAAAAIIAAAAIAg&h=Ag&z=0
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a?id=G-8R6YNFMJ23&v=3&t=t&pid=596655011&cv=1&rv=44h0&tc=27&es=1&e=gtm.load&eid=20&u=AgAAAAAIIAAAAIAg&h=Ag&z=0 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 20 Apr 2024 04:45:40 GMT
content-type: text/html
server: Google Tag Manager
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 449
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Sat, 20 Apr 2024 04:45:40 GMT
content-length: 16
x-envoy-upstream-service-time: 2
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 699
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Sat, 20 Apr 2024 04:45:40 GMT
content-length: 16
x-envoy-upstream-service-time: 13
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 408
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Sat, 20 Apr 2024 04:45:41 GMT
content-length: 16
x-envoy-upstream-service-time: 1
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint91:E2:FF:FD:57:97:9B:B0:E0:EA:ED:AC:5A:8A:CE:E8:D7:37:E5:AD
ValidityTue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 450
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Sat, 20 Apr 2024 04:45:41 GMT
content-length: 16
x-envoy-upstream-service-time: 1
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=hwGA3V93Vr8TbStxyadFb3&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=82,318,1,476

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=hwGA3V93Vr8TbStxyadFb3&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=82,318,1,476
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
FingerprintC2:01:5A:85:07:D6:83:B5:63:23:55:57:C7:29:71:A6:B9:7C:EC:3E
ValidityWed, 21 Feb 2024 18:48:20 GMT - Tue, 21 May 2024 18:48:19 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.8.6&correlateBy=hwGA3V93Vr8TbStxyadFb3&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=82,318,1,476 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
access-control-allow-credentials: true
Server: Stargate
x-request-id: 02lnru5oc0di3h1lanig
Date: Sat, 20 Apr 2024 04:45:43 GMT
access-control-allow-origin: https://go.behindthemarkets.com
X-Forwarded-For: 91.90.42.154

api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=mf99XpEC4mbjphxqjKN2NS&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=22,121,1

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=mf99XpEC4mbjphxqjKN2NS&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=22,121,1
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
FingerprintC2:01:5A:85:07:D6:83:B5:63:23:55:57:C7:29:71:A6:B9:7C:EC:3E
ValidityWed, 21 Feb 2024 18:48:20 GMT - Tue, 21 May 2024 18:48:19 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.8.6&correlateBy=mf99XpEC4mbjphxqjKN2NS&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=22,121,1 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
access-control-allow-credentials: true
Server: Stargate
x-request-id: 02lnru81jvvhsgleq74g
Date: Sat, 20 Apr 2024 04:45:44 GMT
access-control-allow-origin: https://btm-btm-btm.lpages.co
X-Forwarded-For: 91.90.42.154

region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je44h0v874108444z8812088355za200&_p=1713588338589&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=391506763.1713588339&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713588339&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&dt=BTM%20-%20End%20Disease%20-%20VSL&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=391506763.1713588339.&upn.variant_id=0&upn.experiment_id=0&tfd=8799

216.239.34.36

204 No Content

0 B

URL POST HTTP/3
region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je44h0v874108444z8812088355za200&_p=1713588338589&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=391506763.1713588339&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713588339&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&dt=BTM%20-%20End%20Disease%20-%20VSL&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=391506763.1713588339.&upn.variant_id=0&upn.experiment_id=0&tfd=8799
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je44h0v874108444z8812088355za200&_p=1713588338589&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=391506763.1713588339&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713588339&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-end-disease-vsl%2F%3F_ef_transaction_id%3D9c93c8e1c89742bba9149c2b92898f91%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415447649292212428%26iocid%3D%26aff%3D5%26oid%3D93&dt=BTM%20-%20End%20Disease%20-%20VSL&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=391506763.1713588339.&upn.variant_id=0&upn.experiment_id=0&tfd=8799 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Sat, 20 Apr 2024 04:45:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.behindthemarkets-btm.com/7BZ2W/5L55FG/?sub1=3415447649292212428

104.21.85.245

302 Found

112 kB

URL User Request GET HTTP/2
www.behindthemarkets-btm.com/7BZ2W/5L55FG/?sub1=3415447649292212428
IP
104.21.85.245:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbehindthemarkets-btm.com
FingerprintCB:C3:56:D1:00:87:27:BD:0E:F2:9E:CE:DA:B7:08:88:CB:02:77:14
ValidityMon, 26 Feb 2024 12:58:33 GMT - Sun, 26 May 2024 12:58:32 GMT

File type

Size
112 kB (111484 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /7BZ2W/5L55FG/?sub1=3415447649292212428 HTTP/1.1
Host: www.behindthemarkets-btm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 20 Apr 2024 04:45:37 GMT
content-type: text/html; charset=utf-8
location: https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
set-cookie: uniqueClick_5L55FG=6d6ab746-7549-4588-b6af-d33205c7090c:1713588337; Path=/; Expires=Sun, 21 Apr 2024 04:45:37 GMT; SameSite=None
transaction_id=9c93c8e1c89742bba9149c2b92898f91; Path=/; Expires=Fri, 19 Jul 2024 04:45:37 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 40a12d5c-0b58-4eb8-b270-5b9ff6da8337
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdDR8U37CHphJreuwBsQPZiHxuDag5TC9xX6CP1Fbg0xaOKoLGMV9p4uBgSzTMPR5tev9mbcwJkSfz%2BD5clW9%2FEJpCpvfplDrTFlWxiPmAHGx13%2F4b1y0y8gg93Fe%2FCNvFom44prECSwh6rq75AV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87727c64bffd56c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

verifiedwebpage.com/go?ehash=2ff69998b1104c325e8fa4c9724fada2&product=30099&ar=48&cid=2129724604&lid=139350&slhash=fa5e862d7c11eec74a11925f52883810&mtaid=63293&cid2=[s8]&cloudf_filter=1

104.18.20.187

302 Found

112 kB

URL User Request GET HTTP/2
verifiedwebpage.com/go?ehash=2ff69998b1104c325e8fa4c9724fada2&product=30099&ar=48&cid=2129724604&lid=139350&slhash=fa5e862d7c11eec74a11925f52883810&mtaid=63293&cid2=[s8]&cloudf_filter=1
IP
104.18.20.187:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectverifiedwebpage.com
FingerprintB6:7C:0D:93:CD:D6:56:A3:74:B9:46:38:F0:C7:A5:31:BC:5F:AF:56
ValidityWed, 10 Apr 2024 21:43:08 GMT - Tue, 09 Jul 2024 21:43:07 GMT

File type

Size
112 kB (111484 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /go?ehash=2ff69998b1104c325e8fa4c9724fada2&product=30099&ar=48&cid=2129724604&lid=139350&slhash=fa5e862d7c11eec74a11925f52883810&mtaid=63293&cid2=[s8]&cloudf_filter=1 HTTP/1.1
Host: verifiedwebpage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 20 Apr 2024 04:45:37 GMT
content-type: text/html; charset=UTF-8
location: https://www.behindthemarkets-btm.com/7BZ2W/5L55FG/?sub1=3415447649292212428
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: User-Agent
cf-cache-status: DYNAMIC
set-cookie: PHPSESSID=9031e92b59a36113a97d9566124ac3bf; path=/
pixel_session_hash_30099=3415447649292212428; expires=Mon, 20-May-2024 04:45:36 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
bt_tracking_product_30099=271242b137dbc39791d8cdbea7fde48a2019e0bb3f4c47829604721a962b83cb; expires=Mon, 22-Apr-2024 04:45:36 GMT; Max-Age=172800
__cf_bm=ivm0MyLYCoRbuDsxzX9UoHQDM7EI4ZxE_D_NiVKs4NM-1713588337-1.0.1.1-2bOrXB3Siofj7gjKeoerv2vz0g5YC3ONg0sSI1WrVN2oFa.olU58Auko5Po3I3RASNr4QgR6PeYkbMMmMHKa0A; path=/; expires=Sat, 20-Apr-24 05:15:37 GMT; domain=.verifiedwebpage.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87727c5ecb0cb4f3-OSL
X-Firefox-Spdy: h2

lh3.googleusercontent.com/Q7ckMaOculnRenLl4AplbzUQf_tFJliJ_VfkWiUPvZ7Q5pD0skUZZFAqMZ1tsuxgIdq3NBR98kzWA8XOYWL16PhkR60pueOipk0=w16

142.250.74.97

200 OK

377 B

URL GET HTTP/2
lh3.googleusercontent.com/Q7ckMaOculnRenLl4AplbzUQf_tFJliJ_VfkWiUPvZ7Q5pD0skUZZFAqMZ1tsuxgIdq3NBR98kzWA8XOYWL16PhkR60pueOipk0=w16
IP
142.250.74.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint6E:66:E1:45:85:5C:3A:EB:60:4A:8E:EF:62:B8:7C:E3:C7:1B:FA:47
ValidityMon, 18 Mar 2024 20:34:07 GMT - Mon, 10 Jun 2024 20:34:06 GMT

File type
PNG image data, 16 x 6, 8-bit/color RGB, non-interlaced
Size
377 B (377 bytes)
Hash
ed4137102d21623f529b27def8c75cb2
6e42b34bb4dd05ca21d3080cf053428b1d22b542
fe29fbc2a49916e11f94d481b36086c3032902f8414df1f9de6afcca8e4eb7f9

HTTP Headers

GET /Q7ckMaOculnRenLl4AplbzUQf_tFJliJ_VfkWiUPvZ7Q5pD0skUZZFAqMZ1tsuxgIdq3NBR98kzWA8XOYWL16PhkR60pueOipk0=w16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 377
x-xss-protection: 0
date: Sat, 20 Apr 2024 02:47:21 GMT
expires: Sun, 21 Apr 2024 02:47:21 GMT
cache-control: public, max-age=86400, no-transform
age: 7098
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700

142.250.74.106

200 OK

24 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
ASCII text, with very long lines (1572)
Size
24 kB (23824 bytes)
Hash
d26d9179ea2b7413f5868794fd7f3eb9
6be7f7298a61f6df7812cee4fab963b1a2060419
5be81fce7768759e3209cd9b9178e7da5a8af2fed44b740e7fd27bb2b7f04b79

HTTP Headers

GET /css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 20 Apr 2024 04:45:39 GMT
date: Sat, 20 Apr 2024 04:45:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5

35.202.21.90

200 OK

92 kB

URL GET HTTP/2
btm-btm-btm.lpages.co/serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5
IP
35.202.21.90:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerLet's Encrypt
Subject*.lpages.co
FingerprintCA:40:9C:FC:AC:6F:98:FA:56:12:19:F4:C1:EE:D8:E4:CC:98:8E:A1
ValidityWed, 21 Feb 2024 15:49:11 GMT - Tue, 21 May 2024 15:49:10 GMT

File type

Size
92 kB (92089 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /serve-leadbox/Xsan3PT3SpYNWmDrZuZwkm/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&aff=5&id=3415447649292212428&iocid=&oid=93&utm_campaign=&utm_medium=&utm_source=5 HTTP/1.1
Host: btm-btm-btm.lpages.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 04:45:39 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache
x-cache: MISS, HIT
etag: W/"1bc5cfd84014571e430264099cbff435"
last-modified: Tue, 27 Jun 2023 23:53:42 GMT
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br
X-Firefox-Spdy: h2

embed.lpcontent.net/leadboxes/current/embed.js

34.107.203.240

200 OK

43 kB

URL GET HTTP/2
embed.lpcontent.net/leadboxes/current/embed.js
IP
34.107.203.240:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-end-disease-vsl/?_ef_transaction_id=9c93c8e1c89742bba9149c2b92898f91&utm_source=5&utm_campaign=&utm_medium=&id=3415447649292212428&iocid=&aff=5&oid=93
Certificate
IssuerGoogle Trust Services LLC
Subjectembed.lpcontent.net
FingerprintFD:A4:56:03:B6:BA:9C:FD:30:9B:68:CA:EE:56:98:E7:5E:5F:4A:21
ValidityTue, 26 Mar 2024 23:09:25 GMT - Tue, 25 Jun 2024 00:02:39 GMT

File type
JavaScript source, ASCII text, with very long lines (30758)
Size
43 kB (42811 bytes)
Hash
7efcfabdb6209627ce8b016b1c4814eb
f3b8ebfc5fe452333c0fa14b15b28567f30921b9
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

HTTP Headers

GET /leadboxes/current/embed.js HTTP/1.1
Host: embed.lpcontent.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 69136268e65fb70c57910b1faacca0d5
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 14811
date: Sat, 20 Apr 2024 04:44:02 GMT
expires: Sat, 20 Apr 2024 04:49:02 GMT
cache-control: public, max-age=300
age: 96
etag: "-6uIpg"
content-type: application/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (37)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by