POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
 23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2995
Expires: Mon, 06 Feb 2023 00:43:35 GMT
Date: Sun, 05 Feb 2023 23:53:40 GMT
Connection: keep-alive
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6794
Expires: Mon, 06 Feb 2023 01:46:54 GMT
Date: Sun, 05 Feb 2023 23:53:40 GMT
Connection: keep-alive
|
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
 35.241.9.150
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 23:33:59 GMT
age: 1181
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /a/1610/click/1754/292605/c9c5c0e699ce1bb37e2629fdf88f7844aa93aa51/7b033fada2d39a0cb5636b6d1285387c470d28fd HTTP/1.1
Host: links.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
|
search
35.238.129.105
HTTP/1.1 308 Permanent Redirect
content-length: 0
location: https://links.goodlifestylenews.com/a/1610/click/1754/292605/c9c5c0e699ce1bb37e2629fdf88f7844aa93aa51/7b033fada2d39a0cb5636b6d1285387c470d28fd
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12991
Expires: Mon, 06 Feb 2023 03:30:11 GMT
Date: Sun, 05 Feb 2023 23:53:40 GMT
Connection: keep-alive
|
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: vVyqTsLuM3qkTqR6MqEI5u6S3b0ygZ27AU+M6eyaOvyz60Bvr9JIKTpKcv0i9gZMoqzQpBvUhXs=
x-amz-request-id: JM65ASGYYBK3JVD9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 23:24:41 GMT
age: 1739
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
34.117.237.239
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Sun, 05 Feb 2023 23:53:40 GMT
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.241.9.150
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 23:51:16 GMT
age: 145
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C669EFA686F8FE0A3DAA7B8A795A4D6ADB3FA4B9F555F0ED2D502DC5E6073A8F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21564
Expires: Mon, 06 Feb 2023 05:53:05 GMT
Date: Sun, 05 Feb 2023 23:53:41 GMT
Connection: keep-alive
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11607
Expires: Mon, 06 Feb 2023 03:07:08 GMT
Date: Sun, 05 Feb 2023 23:53:41 GMT
Connection: keep-alive
|
GET /a/1610/click/1754/292605/c9c5c0e699ce1bb37e2629fdf88f7844aa93aa51/7b033fada2d39a0cb5636b6d1285387c470d28fd HTTP/1.1
Host: links.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
|
search
35.238.129.105
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
transfer-encoding: chunked
status: 302 Found
cache-control: no-cache
vary: Origin
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 4b4eed16-6d92-4f2a-86b1-6c9486e99ca3
location: https://go.goodlifestylenews.com/BTMDrug10/88eed08fb432b8d1a74c6048734d2fae/55/leadsource/1754/1610/b9cc225b3a6c3f425bdf8cd23e0a4317
x-download-options: noopen
x-runtime: 0.030200
x-content-type-options: nosniff
date: Sun, 05 Feb 2023 23:53:41 GMT
set-cookie: _session_id=76f65e6a1f3c2f3232cca99c43741a84; path=/; expires=Mon, 06 Feb 2023 11:53:41 GMT; HttpOnly
x-powered-by: Phusion Passenger 5.3.7
server: nginx/1.14.0 + Phusion Passenger 5.3.5
|
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
 93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 23:53:41 GMT
Server: ECS (amb/6B8E)
Content-Length: 278
|
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /9ml5i6DhZSHBb7EAu1Row==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
|
search
54.149.149.164
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9cs4lZH2+J3+WrSYyYIZeiwU1Gs=
|
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 23:53:42 GMT
Last-Modified: Sun, 05 Feb 2023 23:53:41 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
|
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=103750
Date: Sun, 05 Feb 2023 23:53:42 GMT
Etag: "63df33cc-117"
Expires: Tue, 07 Feb 2023 04:42:52 GMT
Last-Modified: Sun, 05 Feb 2023 04:42:52 GMT
Server: nginx
Content-Length: 279
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10665
Expires: Mon, 06 Feb 2023 02:51:27 GMT
Date: Sun, 05 Feb 2023 23:53:42 GMT
Connection: keep-alive
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10665
Expires: Mon, 06 Feb 2023 02:51:27 GMT
Date: Sun, 05 Feb 2023 23:53:42 GMT
Connection: keep-alive
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10665
Expires: Mon, 06 Feb 2023 02:51:27 GMT
Date: Sun, 05 Feb 2023 23:53:42 GMT
Connection: keep-alive
|
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12459
x-amzn-requestid: 5dd251ba-30e6-47aa-846a-9cefa9aa4928
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPHlWIAMFnZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-402585d71ebd0ebf75af210d;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dMwyfVFayhAjpMMOiE96N2N5TwdvJ52UvscJ6miuz4W3qNKXVS9jaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:11 GMT
age: 7411
etag: "8f4224824571577109bf32b1fa7646dbfb88e818"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 3943
x-amzn-requestid: 918fd8d6-0118-4548-9380-e3078577a876
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzWBtEdKoAMFwnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de03a4-6d8ffde860d89fbc513a20f9;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:05:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZRVPNp0hKlSBXYjgbVfF8MGqNMHCKF2T4fAqflvZz8z-Uy9bKR9HhA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 07:17:18 GMT
age: 59784
etag: "4f370e81106ef09ce9294eaa074ff6922197ded0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /BTMDrug10/88eed08fb432b8d1a74c6048734d2fae/55/leadsource/1754/1610/b9cc225b3a6c3f425bdf8cd23e0a4317 HTTP/1.1
Host: go.goodlifestylenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
|
search
 104.21.30.61
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
date: Sun, 05 Feb 2023 23:53:42 GMT
location: https://VerifiedSecure.org/go?ehash=88eed08fb432b8d1a74c6048734d2fae&product=2876&ar=55&cid=1754&lid=1610&slhash=b9cc225b3a6c3f425bdf8cd23e0a4317&mtaid=[s7]&cid2=[s8]
cache-control: max-age=600
expires: Mon, 06 Feb 2023 00:03:43 GMT
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KjC7bHVLf8R%2FJzQQU4eBNuNsm5akoeg9QpWP40ZRZpaQnTu%2F%2BAQP8afqmOCJhAGQsmFBzvcV%2BabmfE4kURHjQ7x%2BuT77%2BRkFIoMHr%2BKY3EmB4JOaKD2AUVBDRdmM2jr1lSS2D8a2uAdps3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794f9123df6afabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d7cf8da-65c4-43dc-af2a-18f03b8da137.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 2443
x-amzn-requestid: 9286f232-d186-458a-b956-fc919f1baf89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pDxEcWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02217-473937042af885b73a64632f;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:39:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AysPcQKKPCBmnBiZlH8u_Zv62m8TuhJXwzjgIokCmaq-J_LfaeBicA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
etag: "dcf6f03648c20c9c5c0d6688c766d7e2f943b4cb"
age: 7186
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8827daad-7b04-4c60-a6f6-c1b923025413.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 7851
x-amzn-requestid: 11d3fe95-844b-4e5d-b31c-f99e96e2b608
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHeEIAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-602b91422dff88a750b8e3e9;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7LXNdWi5iKCUI61c2z3spsg5_DGu1jnZ4cIACc3MCmqWP57RveBMGw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 7419
etag: "afb91ab43953e8915a2169618d2ab5e330cde0a1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 13230
x-amzn-requestid: 8171829a-cf6d-4c33-99a1-f3cef7cd4475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiTH8GoAMFYLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1597a0f06ef3db2534a101aa;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Nvfp0sEYw5bxnFHisq80WCXh6T-LdFlPqs95tyX2epjMfhM_hjUj0A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 7419
etag: "a3653a9a7baea412808dd91572ff21e1a505c26f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 344
ETag: "0E375939EAFA3576F8A42352B73805281E40AF510DE885D874AE6BE214A58032"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 06 Feb 2023 05:53:43 GMT
Date: Sun, 05 Feb 2023 23:53:43 GMT
Connection: keep-alive
|
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 344
ETag: "0E375939EAFA3576F8A42352B73805281E40AF510DE885D874AE6BE214A58032"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 06 Feb 2023 05:53:43 GMT
Date: Sun, 05 Feb 2023 23:53:43 GMT
Connection: keep-alive
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "A040C8A337CACE538139D99F60327505026F7AD5023D2FBE777C7E90D8D44933"
Last-Modified: Sat, 04 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18287
Expires: Mon, 06 Feb 2023 04:58:31 GMT
Date: Sun, 05 Feb 2023 23:53:44 GMT
Connection: keep-alive
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /s/gts1d4/nQd1R-k6YuY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /s/gts1d4/FnnVkHgPuNk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
GET /fonts/font-awesome/5.14.0/css/all.min.css HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
34.107.203.240
HTTP/2 200 OK
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
x-cloud-trace-context: 6d0c6ed46f0ad3268d1bd7b3e1ebb29d
content-encoding: gzip
server: Google Frontend
via: 1.1 google
date: Wed, 18 Jan 2023 22:06:45 GMT
expires: Thu, 18 Jan 2024 22:06:45 GMT
cache-control: public, max-age=31536000
etag: "rvb96Q"
content-length: 14628
age: 1561619
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
GET /leadboxes/current/embed.js HTTP/1.1
Host: embed.lpcontent.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
34.107.203.240
HTTP/2 200 OK
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
x-cloud-trace-context: 1415011da781cc0b2358a03a654e926d
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 14811
date: Sun, 05 Feb 2023 23:51:40 GMT
expires: Sun, 05 Feb 2023 23:56:40 GMT
cache-control: public, max-age=300
etag: "rvb96Q"
age: 125
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 03:37:24 GMT
expires: Thu, 01 Feb 2024 03:37:24 GMT
cache-control: public, max-age=31536000
age: 418580
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 6705
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
POST /s/gts1d4/WT_FO6-f4_k HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 470679
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /gtm.js?id=GTM-WNRH3TX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
216.58.207.200
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 23:53:45 GMT
expires: Sun, 05 Feb 2023 23:53:45 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Feb 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 82420
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /s/rozhaone/v13/AlZy_zVFtYP12Zncg2kRcn35.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18176
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 00:34:59 GMT
expires: Fri, 02 Feb 2024 00:34:59 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 15:29:25 GMT
age: 343126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /center.js HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
216.239.36.21
HTTP/2 200 OK
content-type: application/javascript
x-cloud-trace-context: 49ecdbb63a55e595accb7919883f093a
content-encoding: gzip
server: Google Frontend
content-length: 5417
date: Sun, 05 Feb 2023 23:49:32 GMT
expires: Sun, 05 Feb 2023 23:54:32 GMT
cache-control: public, max-age=300
age: 253
etag: "OMWYXg"
X-Firefox-Spdy: h2
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /s/gts1d4/nQd1R-k6YuY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:45 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
GET /identify.html HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
|
search
216.239.36.21
HTTP/2 200 OK
content-type: text/html
x-cloud-trace-context: 7752e703328f712ccf49c159cd863376
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Sun, 05 Feb 2023 23:53:16 GMT
expires: Sun, 05 Feb 2023 23:58:16 GMT
cache-control: public, max-age=300
age: 29
etag: "OMWYXg"
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 344
ETag: "0E375939EAFA3576F8A42352B73805281E40AF510DE885D874AE6BE214A58032"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21598
Expires: Mon, 06 Feb 2023 05:53:43 GMT
Date: Sun, 05 Feb 2023 23:53:45 GMT
Connection: keep-alive
|
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 344
ETag: "0E375939EAFA3576F8A42352B73805281E40AF510DE885D874AE6BE214A58032"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21598
Expires: Mon, 06 Feb 2023 05:53:43 GMT
Date: Sun, 05 Feb 2023 23:53:45 GMT
Connection: keep-alive
|
GET /optimize.js?id=OPT-K7WPB5K HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
142.250.74.78
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Feb 2023 23:53:45 GMT
expires: Sun, 05 Feb 2023 23:53:45 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Feb 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44215
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:45 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 03 Feb 2023 19:31:18 GMT
Expires: Fri, 10 Feb 2023 19:31:17 GMT
Etag: "0659544fe8c13be682fe489e6b7fad35d78026c0"
Cache-Control: max-age=415651,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794f91399a80fabc-OSL
|
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "9A3720DB89A14EF4D59CA53C4E3421482B10EFC1BCC698C9688E37D369F2EEBE"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5809
Expires: Mon, 06 Feb 2023 01:30:34 GMT
Date: Sun, 05 Feb 2023 23:53:45 GMT
Connection: keep-alive
|
GET /scripts/sdk/everflow.js HTTP/1.1
Host: www.behindthemarkets-btm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
 188.114.96.1
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:45 GMT
cache-control: max-age=14400
vary: Origin, Accept-Encoding
x-eflow-request-id: 452e9276-519f-4f64-b26e-d2d36334f9df
via: 1.1 google
cf-cache-status: HIT
age: 1192
last-modified: Sun, 05 Feb 2023 23:33:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQEeRBM7hOzeaLHqlWJ%2FEgdMPFwTo5QA5Hjfd4o2HGx9dxw0ARcre5eMtAbn1uxASYGjmXKsq0knUjBgtHYa0zdJS6v5lubG5SVAxiB2g6ZOnD3jG36ySa5N4evzBhrp26wEXtKGYkDs%2FIFJ%2Fn34"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794f913988c8b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3041
Cache-Control: max-age=132731
Date: Sun, 05 Feb 2023 23:53:45 GMT
Etag: "63df9923-138"
Expires: Tue, 07 Feb 2023 12:45:56 GMT
Last-Modified: Sun, 05 Feb 2023 11:55:15 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 312
|
GET /analytics/v1/events/capture?k=view&a=leadpage&l=5MWJ4aDmYxiYeFMVzRR5ja&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=5uzyLAPPfCWx5Pcg5Lt4Nx&sid=rGsrUcpy9KqWy2uqtnE27w&cid=lp-5MWJ4aDmYxiYeFMVzRR5ja&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-drug-smuggler-vsl%2F%3F_ef_transaction_id%3D3da0cf19e61c4fa6b42c97f1fb95ba12%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3414810360501256982%26iocid%3D%26aff%3D5%26creative_id%3D%26sub3%3D%26sub2%3D%26sub4%3D%26oid%3D60&rf=&rx=1280&ry=939&tz=%2B00%3A00 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.192.151.63
HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
x-request-id: 06qe7asrqds87naqtteg
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://go.behindthemarkets.com
Date: Sun, 05 Feb 2023 23:53:45 GMT
set-cookie: view.bb4wMKcXKB896PwqF4vMVT-default-prop.5MWJ4aDmYxiYeFMVzRR5ja=1675641226000; Domain=api.leadpages.io; expires=Mon, 06 Feb 2023 23:53:45 GMT; httponly; Max-Age=86400; Path=/analytics/v1/events/capture; SameSite=None; secure
X-Forwarded-For: 91.90.42.154
|
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 6512
Cache-Control: max-age=142272
Date: Sun, 05 Feb 2023 23:53:45 GMT
Etag: "63dfb0d9-139"
Expires: Tue, 07 Feb 2023 15:24:57 GMT
Last-Modified: Sun, 05 Feb 2023 13:36:25 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
|
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
 178.250.2.146
HTTP/2 200 OK
date: Sun, 05 Feb 2023 23:53:45 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=apPlbl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJlaFlHS1ZHM1NlUFBBSjFtOUsyU3VBQjYwMlZDM204d1Y4b2trJTJGbTYzQg; expires=Fri, 01 Mar 2024 23:53:45 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 279420
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 1526
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 23:53:45 GMT
Last-Modified: Sun, 05 Feb 2023 23:28:19 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
|
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 1526
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 23:53:45 GMT
Last-Modified: Sun, 05 Feb 2023 23:28:19 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 313
|
GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=KNcVXsCc5ztPZNyUctfZn2&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=299,1,VjsiWE8Kqvp6irG2dz7mk3 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.192.151.63
HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
x-request-id: 06qdlo6gqnp4uilli7sg
access-control-expose-headers: LP-Security-Token
Date: Sun, 05 Feb 2023 23:53:45 GMT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://go.behindthemarkets.com
Server: Stargate
X-Forwarded-For: 91.90.42.154
|
POST /g/collect?v=2&tid=G-8R6YNFMJ23>m=45je3210&_p=1955729504&_gaz=1&cid=1425378471.1675641268&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675641267&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-drug-smuggler-vsl%2F%3F_ef_transaction_id%3D3da0cf19e61c4fa6b42c97f1fb95ba12%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3414810360501256982%26iocid%3D%26aff%3D5%26creative_id%3D%26sub3%3D%26sub2%3D%26sub4%3D%26oid%3D60&dt=Drug%20Smuggler&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
|
search
216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
date: Sun, 05 Feb 2023 23:53:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
|
search
178.250.6.213
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 05 Feb 2023 23:53:45 GMT
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 113896
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=1425378471.1675641268>m=45je3210&aip=1&z=874666952 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
142.250.74.67
HTTP/2 200 OK
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 23:53:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /SaAYUV3ZdA08XZjd4oKJkDY2F_lLndztqBsP_TwDMdEqu0W63fgaNeHjo4ibUpw17_W-cJ-SsdA9lbvyKm_tIgIm3Ts2yylbSCtF=s16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
142.250.74.129
HTTP/2 200 OK
content-type: image/jpeg
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 618
x-xss-protection: 0
date: Sun, 05 Feb 2023 23:53:46 GMT
expires: Sun, 29 Jan 2023 15:37:36 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
--- Additional Info ---
Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Picasa, copyright=Copyright (c) 2018 Andrus Ciprian/Shutterstock. No use without permission.], baseline, precision 8, 16x9, components 3\012- data
Size: 618
Md5: da1014e97e009ba764b207e05e8fa9d9
Sha1: 6ea8e9f91c56e98e729dcc9ce54ec227ba99d31f
Sha256: 8e2c92494c6f74948686e96f4248a002e9cb212a59ecd15aed00550aeb784045
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /g/collect?v=2&tid=G-8R6YNFMJ23&cid=1425378471.1675641268>m=45je3210&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
|
search
64.233.161.157
HTTP/2 204 No Content
content-type: text/plain
access-control-allow-origin: https://go.behindthemarkets.com
date: Sun, 05 Feb 2023 23:53:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /SaAYUV3ZdA08XZjd4oKJkDY2F_lLndztqBsP_TwDMdEqu0W63fgaNeHjo4ibUpw17_W-cJ-SsdA9lbvyKm_tIgIm3Ts2yylbSCtF=w1268 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
142.250.74.129
HTTP/2 200 OK
content-type: image/jpeg
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 234594
x-xss-protection: 0
date: Sun, 05 Feb 2023 23:53:46 GMT
expires: Sat, 04 Feb 2023 16:01:22 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=apPlbl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJlaFlHS1ZHM1NlUFBBSjFtOUsyU3VBQjYwMlZDM204d1Y4b2trJTJGbTYzQg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
178.250.2.146
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 05 Feb 2023 23:53:44 GMT
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=O3amHF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJlaFlHS1ZHM1NlUFBBSjFtOUsyU3VURTFjMCUyRlJkUm1lSThNZ1FLWWN3VA; expires=Fri, 01 Mar 2024 23:53:45 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 307109
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
GET /analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=92,371,247,711,1,725,946,971,2139,2147 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
35.192.151.63
HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
x-request-id: 06qe7b1jtje14gj9pbu0
Server: Stargate
Date: Sun, 05 Feb 2023 23:53:46 GMT
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
X-Forwarded-For: 91.90.42.154
|
GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=KNcVXsCc5ztPZNyUctfZn2&kind=timer&label=lb_embed_leadbox_load&value=597 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.192.151.63
HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
x-request-id: 06qdlo9gpkqkdddjc0kg
access-control-expose-headers: LP-Security-Token
Date: Sun, 05 Feb 2023 23:53:46 GMT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://go.behindthemarkets.com
Server: Stargate
X-Forwarded-For: 91.90.42.154
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-102395123-1&cid=1425378471.1675641268&jid=2130784005&_u=YADAAEAAQAAAACAAI~&z=1028735992 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
142.250.74.164
HTTP/2 200 OK
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 23:53:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
POST /api/load/ HTTP/1.1
Host: sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 436
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.86.95.232
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx
date: Sun, 05 Feb 2023 23:53:46 GMT
content-length: 869
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://go.behindthemarkets.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
set-cookie: __smSessionId=s%3ASy0kzbkWDFXTWlmReCqOBHWh.pUMzs2sKMY%2FInJo7ZgZPmzfk1zUmo0%2Bf0hL1iDlHlhg; Path=/; Expires=Mon, 06 Feb 2023 08:39:22 GMT; HttpOnly
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
|
OPTIONS /services HTTP/1.1
Host: sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-sumo-auth
Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
35.86.95.232
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Feb 2023 23:53:47 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000
X-Firefox-Spdy: h2
|
GET /video/PzpZ_7KZ/FN0qZGV6uEyef1az/75618/65567/thumb/preview-5_0.jpg HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
151.139.128.10
HTTP/2 200 OK
content-type: image/jpeg
date: Sun, 05 Feb 2023 23:53:47 GMT
content-length: 1756
last-modified: Thu, 22 Sep 2022 18:20:45 GMT
accept-ranges: bytes
x-guploader-uploadid: ADPycdvoQlwt1wnCsbXUO1WK7AUgEbDRCj3maEPMgCNwB1NxtWU4VsIDyiaOjxVDHFtqzUusYenFqiYczfcVd7PuBIzc5Ut9nyee
cache-control: public, max-age=31104000
etag: "9aa860258c3c385a75476e421e945ac3"
x-goog-generation: 1663870844917423
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1756
x-goog-hash: crc32c=yOsRKA==, md5=mqhgJYw8OFp1R25CHpRaww==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-hw: 1675641227.cds065.sk1.hn,1675641227.cds210.sk1.c
x-cdn: 4
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
192.124.249.23
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Sucuri/Cloudproxy
Date: Sun, 05 Feb 2023 23:53:47 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 05 Feb 2023 15:57:37 GMT
Expires: Mon, 06 Feb 2023 15:57:37 GMT
ETag: "4cf6ec9d3cb7f35a972a9271ab16e0bbbcab441b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
POST /licensing HTTP/1.1
Host: analytics-ingress-global.bitmovin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 110
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.190.27.197
HTTP/2 200 OK
content-type: application/json
server: v1.55.1
date: Sun, 05 Feb 2023 23:53:47 GMT
content-length: 117
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
192.124.249.23
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Sucuri/Cloudproxy
Date: Sun, 05 Feb 2023 23:53:47 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 05 Feb 2023 15:57:37 GMT
Expires: Mon, 06 Feb 2023 15:57:37 GMT
ETag: "4cf6ec9d3cb7f35a972a9271ab16e0bbbcab441b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
POST /analytics HTTP/1.1
Host: analytics-ingress-global.bitmovin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1274
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
35.190.27.197
HTTP/2 204 No Content
content-type: application/json
server: v1.55.1
date: Sun, 05 Feb 2023 23:53:47 GMT
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
POST /services HTTP/1.1
Host: sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Sumo-Auth: Sy0kzbkWDFXTWlmReCqOBHWh
Content-Length: 1026
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
35.86.95.232
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx
date: Sun, 05 Feb 2023 23:53:47 GMT
content-length: 205
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://go.behindthemarkets.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
set-cookie: __smSessionId=s%3Avy6XwBlsDVdywSxKd74LIzyV.xrQrw8DZW2GH3x0%2BwLUXPWTbEH6ErlqMQ9d1anOp8l8; Path=/; Expires=Mon, 06 Feb 2023 08:39:23 GMT; HttpOnly
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Firefox-Spdy: h2
|
POST /licensing HTTP/1.1
Host: licensing.bitmovin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 154
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.227.229.24
HTTP/2 200 OK
content-type: application/json
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
date: Sun, 05 Feb 2023 23:53:48 GMT
content-length: 165
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:53:48 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 00:24:10 GMT
Expires: Sun, 12 Feb 2023 00:24:09 GMT
Etag: "f51ff75c19ff0710eec4cb2389c7b348308d6c24"
Cache-Control: max-age=519620,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794f914afb31fabc-OSL
|
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
|
search
192.124.249.23
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Sucuri/Cloudproxy
Date: Sun, 05 Feb 2023 23:53:47 GMT
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 05 Feb 2023 15:57:37 GMT
Expires: Mon, 06 Feb 2023 15:57:37 GMT
ETag: "4cf6ec9d3cb7f35a972a9271ab16e0bbbcab441b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
GET /awesome-log?cid=PzpZ_7KZ HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
107.178.211.97
HTTP/2 200 OK
content-type: image/gif
access-control-allow-headers: Accept, Content-Type, Origin, Range, X-Requested-With
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-expose-headers: Access-Control-Allow-Origin, Cache-Control, ETag, etag
cache-control: no-cache, public, max-age=2592000
content-length: 43
etag: "PzpZ_7KZ/cS_9zCN_pmeQ8zUB"
date: Sun, 05 Feb 2023 23:53:48 GMT
x-envoy-upstream-service-time: 12
server: istio-envoy
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 09:41:19 GMT
expires: Wed, 31 Jan 2024 09:41:19 GMT
cache-control: public, max-age=31536000
age: 483149
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
OPTIONS /api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794 HTTP/1.1
Host: sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
35.86.95.232
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Feb 2023 23:53:48 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000
X-Firefox-Spdy: h2
|
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RYNzle5-l5dOMPWb2Bmu_T5aIJw9NX2FKuJsej8hzpYZcgD6coH9SA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:09 GMT
age: 7420
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
GET /api/site/7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794/features?site_id=7ba3e90bf0be3182240cdc5943655819e1d64b8b1a4124f571976b878954c794 HTTP/1.1
Host: sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Sumo-Auth: Sy0kzbkWDFXTWlmReCqOBHWh
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
35.86.95.232
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: nginx
date: Sun, 05 Feb 2023 23:53:48 GMT
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://go.behindthemarkets.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
etag: "-362431178"
content-encoding: gzip
set-cookie: __smSessionId=s%3AULnXjJ9SqBpeWIYYJdhyrFyL.03sc%2B15ZIO2a5C3HJb3TJaJIjw0DxZet61497kWb%2F88; Path=/; Expires=Mon, 06 Feb 2023 08:39:24 GMT; HttpOnly
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
|
GET /analytics/v1/observations/capture?version=1.8.6&correlateBy=UZq4GxmLWUxvHPRvKKBNiX&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=2,68,1 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://btm-btm-btm.lpages.co
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
35.192.151.63
HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
x-request-id: 06qe7bujibhivqd0lvrg
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
access-control-allow-origin: https://btm-btm-btm.lpages.co
Date: Sun, 05 Feb 2023 23:53:49 GMT
access-control-allow-credentials: true
X-Forwarded-For: 91.90.42.154
|
GET /js/ld/ld.js?a=93258 HTTP/1.1
Host: dynamic.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
178.250.0.147
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 05 Feb 2023 23:53:45 GMT
server: Kestrel
cache-control: public,max-age=10800
content-encoding: br
vary: Origin, Accept-Encoding
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /7.0a035390359aab65eb82.js HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:47 GMT
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
etag: W/"3fa9c18f727d4b42fb894fda90a374e1"
last-modified: Wed, 05 Oct 2022 16:49:48 GMT
x-amz-id-2: GWOiooInf74RFfKLS6/aHRNOBzvwNhALumChahsvwTSC1nnNLYVu2DAXpHl2mtUo10H/vFtinhU=
x-amz-request-id: SS5D7XVSSWFGRX6W
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/28/2022 12:07:50
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: c0984f9fea431862319b7fda52f059b1
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /23.0a035390359aab65eb82.js HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:47 GMT
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
etag: W/"be0b945be6cafa91f6fd4efdfc8268f8"
last-modified: Wed, 05 Oct 2022 16:49:12 GMT
x-amz-id-2: 7sxa1T5rK8zHRwqIuc9SQTuUY7zCJT2U6USB3xa+kFLsFMBiTkX+nnJQlGfvrQn7lTVPpKSdbQ0=
x-amz-request-id: RWX54BQ4BQ53NC3B
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/28/2022 12:07:49
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 8d44e181adbb8d7c3c92c21c52af0621
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /21.0a035390359aab65eb82.js HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:48 GMT
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
etag: W/"beda094dfc3b530efd0d2d83c5a0280c"
last-modified: Thu, 28 Jul 2022 18:31:17 GMT
x-amz-id-2: CzydRzq5oDc790yclkehRSY/N4HbM9hWKTus/bfXU8tfT7c8w5WJiAtBJReHCyxz/8iaHbXHhh8=
x-amz-request-id: EGJRDEFA51GD0GY6
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/31/2022 19:36:57
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 8a905ead26a62839a2943355f94ad827
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /css?family=Rozha+One:300,400,500,700|Raleway:300,400,500,700|Open+Sans:300,400,500,700|Roboto:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
142.250.74.74
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Feb 2023 23:53:44 GMT
date: Sun, 05 Feb 2023 23:53:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /embeds/PzpZ_7KZ/Bs6X2ElU38L_lFKp/loader.min.js HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
151.139.128.10
HTTP/2 200 OK
content-type: application/javascript
x-guploader-uploadid: ADPycds4GCX7lxgHbGwfZBC7KRXmX0iMzutUGr8eKV5xmoHJqC25UL5jMebJThpRFtZyf9PAvp5lWfKtfn6Vq0QPcsMNvToo7KSd
expires: Sun, 05 Feb 2023 23:53:45 GMT
last-modified: Thu, 12 Jan 2023 20:08:01 GMT
etag: "fada4875abae55e9b83ba55646665446"
x-goog-generation: 1673554081495163
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 10532
x-goog-hash: crc32c=3b/Lsw==, md5=+tpIdauuVem4O6VWRmZURg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
server: SP
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 05 Feb 2023 23:53:45 GMT
age: 0
x-timer: S1675641225.428635,VS0,VE144
vary: Accept-Encoding
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by
x-cdn: 4
cache-control: public, max-age=180, s-maxage=180
x-cdn-info: loader
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-encoding: gzip
x-hw: 1675641225.cds065.sk1.hn,1675641225.cds065.sk1.sl
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /72.0a035390359aab65eb82.js HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:45 GMT
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
etag: W/"a1c4ecc2ca5bc12d61068cd427f9729f"
last-modified: Wed, 05 Oct 2022 16:49:50 GMT
x-amz-id-2: bRefJzrmZyURY4UtkQN1ECVBc/gW5F1O6YizdBaEr+7zELI4OcVpqMbShN1B3XT4XoXDZ9oU0/Q=
x-amz-request-id: 2T321CBS6G7567Y5
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 01/10/2023 19:35:39
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 2f083a02ce933dec0287fee0f342a894
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /syncframe?topUrl=go.behindthemarkets.com&origin=onetag HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
|
search
178.250.2.146
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Sun, 05 Feb 2023 23:53:45 GMT
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=583c8c7b-0bdd-422a-8cb7-acf2b6b159ac; expires=Fri, 01 Mar 2024 23:53:45 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 772113
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /7BZ2W/3ZB15F/?sub1=3414810360501256982 HTTP/1.1
Host: www.behindthemarkets-btm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
|
search
188.114.97.1
HTTP/2 302 Found
content-type: text/html; charset=utf-8
date: Sun, 05 Feb 2023 23:53:43 GMT
location: https://go.behindthemarkets.com/btm-drug-smuggler-vsl/?_ef_transaction_id=3da0cf19e61c4fa6b42c97f1fb95ba12&utm_source=5&utm_campaign=&utm_medium=&id=3414810360501256982&iocid=&aff=5&creative_id=&sub3=&sub2=&sub4=&oid=60
set-cookie: uniqueClick_3ZB15F=01e591db-25a8-422e-a7b9-d7dd30707ee1:1675641223; Path=/; Expires=Mon, 06 Feb 2023 23:53:43 GMT; SameSite=None
transaction_id=3da0cf19e61c4fa6b42c97f1fb95ba12; Path=/; Expires=Sat, 06 May 2023 23:53:43 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 5716a824-b1e5-4c89-9517-a2c504f837b0
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d6FxUPGhyMmBrp9%2FqYUQvHwphJIJdAK7lUpYxxmkNoIddiArHiR6wNoe7NWBMRHelz%2BH4SjETrfP43xhTLifhOSIaLqELWPFpUgB61gNNjbNLb3tXpI6%2BHlLMvUIoP1tcwEI2OQQONEK7SxilRq9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794f9130fb26b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET / HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:45 GMT
vary: Accept-Encoding
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=600
etag: W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
last-modified: Wed, 05 Oct 2022 16:50:13 GMT
x-amz-id-2: w2sQEwv0yTyYesgi58cdX5IgnNqwZsQfPDoWQ66uv79acWC7sk4DGue0KSTrxdYr0v1255nwb2o=
x-amz-request-id: 1SHJPWDV8HBQZZYC
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 01/30/2023 16:31:24
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: da0355bf50e58cb3cd919f182dd12067
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /4.0a035390359aab65eb82.js HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:47 GMT
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
etag: W/"a39d043b7c7bba70750cf288ee5ef71a"
last-modified: Wed, 05 Oct 2022 16:49:25 GMT
x-amz-id-2: ySXTTMuh4p684fDr0cMmB/kjOirLZZMft/DAc/SFECRKPqgtIp3ZuNpLA00OhRk3IvZM0Wcprhk=
x-amz-request-id: V16WXMWF8BWNA1FF
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/28/2022 12:07:43
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: db38989f013165b6ab361cbeb918f767
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /sid/json?origin=onetag&domain=behindthemarkets.com&sn=FirefoxSyncframe&so=0&topUrl=go.behindthemarkets.com&info=O3amHF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czJlaFlHS1ZHM1NlUFBBSjFtOUsyU3VURTFjMCUyRlJkUm1lSThNZ1FLWWN3VA&idsd=-432986104,-2110748004&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?topUrl=go.behindthemarkets.com&origin=onetag
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
|
search
178.250.2.146
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 05 Feb 2023 23:53:45 GMT
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1003429
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /2.0a035390359aab65eb82.js HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:47 GMT
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
etag: W/"6bfdf1ae8492f107706ac037915be663"
last-modified: Wed, 05 Oct 2022 16:49:10 GMT
x-amz-id-2: wtzVt0uAjOzzXQs53wLv3Q+ORMB7ile/3dovSLZFk0qfw4wVKaoxEFxiTqQboskHlK5Np/Dwz+E=
x-amz-request-id: STPC6N3Y1HC527RZ
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 02/05/2023 02:09:31
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: d64af403270ae5130a8c077a45d32864
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /go?ehash=88eed08fb432b8d1a74c6048734d2fae&product=2876&ar=55&cid=1754&lid=1610&slhash=b9cc225b3a6c3f425bdf8cd23e0a4317&mtaid=[s7]&cid2=[s8] HTTP/1.1
Host: verifiedsecure.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
|
search
172.67.75.248
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
date: Sun, 05 Feb 2023 23:53:43 GMT
location: https://www.behindthemarkets-btm.com/7BZ2W/3ZB15F/?sub1=3414810360501256982
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=c5f4317b2336154d893a13122974364b; path=/
pixel_session_hash_2876=3414810360501256982; expires=Tue, 07-Mar-2023 23:53:43 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
bt_tracking_product_2876=a575fc5503503843536fb915d9c4f42f931dabd10226af1d2b2a0195d78f8193; expires=Tue, 07-Feb-2023 23:53:43 GMT; Max-Age=172800
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xmUeUaDhBbtmr8oA9wmIXgoouYMv3LF455JX3kJzizUWyZsxTvkC%2BQgCFwu%2BpmnaxRhIVLDZkLGDY7XntV7NCS5G%2BVGCpdV7C2kk6Skk%2BmHfi9EPJ8l7eUMXdJyG2hPOQ%2F2phA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794f91295c5db51e-OSL
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /serve-leadbox/VjsiWE8Kqvp6irG2dz7mk3/?_ef_transaction_id=3da0cf19e61c4fa6b42c97f1fb95ba12&aff=5&creative_id=&id=3414810360501256982&iocid=&oid=60&sub2=&sub3=&sub4=&utm_campaign=&utm_medium=&utm_source=5 HTTP/1.1
Host: btm-btm-btm.lpages.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
|
search
35.202.21.90
HTTP/2 200 OK
content-type: text/html
date: Sun, 05 Feb 2023 23:53:45 GMT
vary: Accept-Encoding
last-modified: Thu, 22 Sep 2022 23:37:54 GMT
etag: W/"b020632f2f4af170af6bfcc28a95b83b"
x-cache: MISS, HIT
cache-control: no-cache
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
|
search
178.250.6.121
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 05 Feb 2023 23:53:45 GMT
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 125867
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /embeds/PzpZ_7KZ/Bs6X2ElU38L_lFKp/player-dash-mse.min.js?hash=kfyntnzbpxo HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
|
search
151.139.128.10
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 05 Feb 2023 23:53:46 GMT
accept-ranges: bytes
x-cdn: 4
x-guploader-uploadid: ADPycdvYRjMymY-EHX5WEOLwSFEbWVmCpxdlKGoG8F8H7ewV6U-L28zuf0Vr2DnvwYIXe-rZ14Svm-kRx2WFqVQUFd7qqG1zWoy9
cache-control: public, max-age=300, s-maxage=2592000
etag: "bf39d05d7d4b74b9bb266af5a1911b85"
x-goog-generation: 1673554081882581
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 509787
x-goog-hash: crc32c=Mq9czQ==, md5=vznQXX1LdLm7Jmr1oZEbhQ==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by
server: SP
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
last-modified: Thu, 12 Jan 2023 20:08:01 GMT
content-encoding: gzip
x-hw: 1675641225.cds067.sk1.hn,1675641225.cds067.sk1.hn,1675641225.cds201.sk1.s,1675641225.dop219.la3.r,1675641226.cds261.la3.c,1675641225.cds201.sk1.s,1675641225.dop219.la3.r,1675641226.cds261.la3.c,1675641226.cds201.sk1.p,1675641226.cds067.sk1.sl
X-Firefox-Spdy: h2
--- Additional Info ---
|
GET /73.0a035390359aab65eb82.js HTTP/1.1
Host: load.sumo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
|
search
194.242.11.186
HTTP/2 200 OK
content-type: text/javascript
date: Sun, 05 Feb 2023 23:53:45 GMT
server: BunnyCDN-NO1-830
cdn-pullzone: 53731
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestcountrycode: NO
vary: Accept-Encoding, Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
etag: W/"ad6f2454f01de902ffd473d51c1207bf"
last-modified: Wed, 05 Oct 2022 16:49:51 GMT
x-amz-id-2: cE1DCrJ3duOXNUTj8H7V/BQg6efYhJ/q2l4iGcQJ8Q3JIP8UfExUwQljPhmaAW7xSefCg6CyxKY=
x-amz-request-id: RWX8TS5JF5RSJJ7R
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/28/2022 12:07:49
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: 0b50b3f2ecd7959757b48bc135f2e0a7
cdn-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
--- Additional Info ---
|
35.205.61.67