Report - click.thedailymoneytips.com/kingkongvsl0923/45080fdeab36cc08e518f75fae7ec827/48/TA_2H23DGI/1954809010/139350/0a149ff8436fc11de3561c2b303462a1/63293

Report Overview

Visited public
2023-11-01 05:19:27
Tags
URL
click.thedailymoneytips.com/kingkongvsl0923/45080fdeab36cc08e518f75fae7ec827/48/TA_2H23DGI/1954809010/139350/0a149ff8436fc11de3561c2b303462a1/63293
Finishing URL
go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
BTM - King Kong - VSL

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
click.thedailymoneytips.com	unknown	2019-06-27	2023-03-10 21:57:35	2023-10-31 06:22:55	280 B	912 B	188.114.96.1
api.leadpages.io	33876	2014-09-17	2016-01-27 23:05:06	2023-10-31 15:22:22	4.1 kB	2.7 kB	35.192.151.63
ocsp.godaddy.com	698	1999-03-02	2012-05-20 21:28:57	2023-10-31 05:09:26	660 B	5.2 kB	192.124.249.23
btm-btm-btm.lpages.co	unknown	2017-03-15	2022-07-01 17:54:14	2023-10-31 01:05:36	693 B	92 kB	35.202.21.90
analytics-ingress-global.bitmovin.com	47119	2013-01-21	2017-08-18 07:30:44	2023-10-31 13:09:34	516 B	487 B	35.190.27.197
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-10-31 13:04:07	1.0 kB	37 kB	142.250.74.106
static.leadpages.net	35995	2012-11-07	2016-05-28 02:45:21	2023-10-31 14:50:38	1.3 kB	33 kB	34.107.203.240
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-31 12:15:47	3.9 kB	314 kB	216.58.207.227
fast.vidalytics.com	218005	2007-05-15	2017-02-08 03:49:35	2023-10-31 11:40:24	4.7 kB	772 kB	192.229.220.49
lh3.googleusercontent.com	66	2008-11-17	2012-05-22 09:35:05	2023-10-31 05:13:10	1.1 kB	36 kB	142.250.74.129
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-10-31 05:09:26	1.9 kB	888 B	216.239.34.36
go.behindthemarkets.com	815375	2017-03-30	2019-08-20 13:31:55	2023-10-31 07:19:38	635 B	98 kB	35.202.21.90
verifiedwebpage.com	unknown	2022-03-23	2022-03-23 19:03:14	2023-10-31 09:34:16	541 B	1.6 kB	172.67.170.194
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-10-31 05:09:09	5.1 kB	11 kB	142.250.74.131
js.center.io	39001	2011-09-13	2017-01-30 06:29:11	2023-10-31 15:22:24	2.0 kB	16 kB	216.239.32.21
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-10-31 13:00:20	893 B	188 kB	142.250.74.168
licensing.bitmovin.com	19299	2013-01-21	2017-01-30 07:23:56	2023-10-31 13:15:17	515 B	600 B	35.227.229.24
stats.vidalytics.com	153185	2007-05-15	2017-02-08 03:49:35	2023-10-31 13:15:17	2.6 kB	2.3 kB	107.178.211.97
embed.lpcontent.net	50471	2020-06-17	2020-06-20 02:54:50	2023-10-31 13:28:29	430 B	15 kB	34.107.203.240
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-10-31 13:44:23	660 B	1.9 kB	172.64.149.23
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-10-31 11:54:18	552 B	578 B	142.250.74.163
www.behindthemarkets-btm.com	848293	2021-03-09	2021-03-11 20:23:38	2023-10-31 01:05:34	525 B	98 kB	104.21.85.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-01	medium	thedailymoneytips.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (33)

	URL	From	Size	First Seen	Last Seen
	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	515 B	2023-08-20	2024-08-21
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-20 19:21 Last Seen2024-08-21 08:22 Times Seen17 Hash ed7f954571e264b2b9d4103536c5419e eac7299ab99e32b6d3964383e559c2938c9039d2 552348fdce77fc6c9674b0abf7b43490a1a7eb4d71f0c3915ad3d448e9910e9b Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	414 B	2023-03-08	2025-04-17
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:09 Last Seen2025-04-17 20:21 Times Seen1060 Hash 0f1c1e338722cb680190732c4e8e3f3e de7e63cbcce170f77302100562443128f115ecbc ee29e0be4ce3b2f3bcfeddbb30b7594cc151657feba8d3760fb9835311116216 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	2.2 kB	2023-05-24	2024-10-24
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-24 15:27 Last Seen2024-10-24 12:46 Times Seen100 Hash 132140ff41ff2b8093f5a0a17c2325ba 44cd600e1275977b3a737d7457f66d0c14e2cd07 5226f2e021abca13d2abd5fbda97c85f0a66841db67f2091fc1edf2bfcf91bda Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	917 B	2023-11-01	2024-08-20
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-01 05:20 Last Seen2024-08-20 21:33 Times Seen15 Hash 920145483f8f5e4790eb9850cdea145c 57ed07d4552d8ac61a0fdf1b06812bbdb9f1bb07 12a62c06f7971ebefe0ccf16901e6f0cd0b22a25c72a1885bd60d7a62faa5fa6 Loading...

	fast.vidalytics.com/embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/loader.min.js	ScriptElement	43 kB	2023-11-01	2024-08-20
Pretty URL fast.vidalytics.com/embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/loader.min.js IP 192.229.220.49 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 05:20 Last Seen2024-08-20 21:33 Times Seen10 Hash 3ae4a28eea960dd5bfb4bb5b430550a8 29bfece686e9f6b417edd34bc376b47d757a72f5 6200dac61dec7a3adf9aa92ee52b8c76233f0f2504563deed1a4d885d8959d8b Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 11:51 Times Seen341424 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	2.9 kB	2023-03-07	2025-04-23
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1284 Hash a3faab281a519d4ece6839d53701c840 4d0935708bd081919188e521931ce14f3cc7c59e ae42a47bdc6093b78f0b62277fab3d311c56337621d945fbc3c68d3216fd4343 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	3.6 kB	2023-03-07	2025-04-19
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-19 23:47 Times Seen1251 Hash c164a88f770902ca8e62a5e399e32018 9d1ca269500112216a2b19d25b8c25440b2e89ba c53f0864a6382bf6866e66f734b2682161eb97cebed43234daf7ab086b4ca8c0 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	582 B	2023-03-07	2025-04-23
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1278 Hash 24959da5977b7558ff59cd5acdf88a1e 43c70045dc13d59dc973e90432261325421d8549 71e5a7aff94fa6fd0a971d99e54814a4131a061f2e361ffc73a5a6ef11d1062a Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	7.1 kB	2023-03-07	2025-04-23
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1270 Hash 54fcbe8bf78f4a60f28e2cdb6e694d36 20b842db1ad9bd92eed8c854065b761a84f69e27 72ceea7d54bdaa348bf0f1e1545e148dd2e9c248a2ca70482f8b5f0047587b4f Loading...

	www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX	ScriptElement	290 kB	2023-11-01	2023-11-01
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 06:19 Last Seen2023-11-01 06:19 Times Seen1 Hash 8506c623b09667100ce0ec213f4ab129 dcafab3d66f5dcfed9bdd5e0f9705a2f90f2d8d1 3eb5e4f99c02bc1228fcbd6b21635b4af55f0b89d3c3d09529884ff64ebd29ae Loading...

	btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	447 B	2023-08-20	2024-08-21
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-20 19:21 Last Seen2024-08-21 08:22 Times Seen17 Hash c03f559a3e0487852e50ba830fd13b57 797effd759fd32abf70a0a5a7483fd2b331e1286 1a9852c38e49e7905bd57dcc8ec6b3c20ed0df973df8da28cd327d9b321b63f5 Loading...

	unknown	EventHandler	16 B	2023-04-10	2025-05-09
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-05-09 11:27 Times Seen56570 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	2.5 kB	2023-03-07	2025-03-27
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-27 04:55 Times Seen424 Hash 0e02738ac706f2cc3dfb299a7fce970e 664081b30b8d227de4a54aca59e51f9c79986052 c36eb45451b0743dc65ca4bcfebc51511584a351ed4e6c8d98685b7eca9ddc26 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	1.1 kB	2023-03-07	2025-04-23
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1279 Hash f243709fadf6e072fd4fc43a139860e6 21692bdbc65edff8eca41e13d7036235f8ece36f 942275c3ece75f2592f4947d4e306a2a594de12dddd152ca13eafb747166a35c Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	5.4 kB	2023-05-15	2025-04-19
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 23:35 Last Seen2025-04-19 23:47 Times Seen1241 Hash fc0b8de8bf07fe1f20ecbf76e15f87aa 57950c0b8f0f6768b595fd74ec115f032b03f9ed cf61f4a4f3c09feac95f312fe0115655571a65979b16e2c3468cd422a1ba0b8f Loading...

	embed.lpcontent.net/leadboxes/current/embed.js	ScriptElement	43 kB	2023-03-07	2025-04-23
Pretty URL embed.lpcontent.net/leadboxes/current/embed.js IP 34.107.203.240 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1174 Hash 7efcfabdb6209627ce8b016b1c4814eb f3b8ebfc5fe452333c0fa14b15b28567f30921b9 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	347 B	2023-03-07	2025-04-23
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1280 Hash 324d070d383d7e171663391494e4eaf1 147167b389b5672075f113a03583378a22149967 3dfd8ef986ba39418b44b6eeef78e69bb8d04e786e7479c37087cb70b4fa9c84 Loading...

	www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c	ScriptElement	286 kB	2023-11-01	2023-11-01
Pretty URL www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 06:19 Last Seen2023-11-01 06:19 Times Seen1 Hash aa5a254d8c6943718e6456336bb3683c b6ee6b99abe75f772f69ea5777a51b5e6a5304b6 6cd0f34ff83b6486c4376801479d339fafee770a7610b2d54121f1d7682d5610 Loading...

	js.center.io/center.js	ScriptElement	13 kB	2023-03-07	2025-04-23
Pretty URL js.center.io/center.js IP 216.239.32.21 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1306 Hash 60f05ff45d707fe36d87b75bf181800d e34d94b519ed465481596bcff099467feb0aafdd cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	181 B	2023-03-07	2025-04-23
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:21 Last Seen2025-04-23 13:41 Times Seen1263 Hash 03c6f9076ca3a4dee82dff97b28e6e5f 34e14b9e6b7f1f25bacd50142f395e4409ca74f6 74b2d22da3e536e007235a166b47e5498591fef8dd5723ffedfbf5a89cd97aa6 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	461 B	2023-03-08	2025-04-17
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:09 Last Seen2025-04-17 20:21 Times Seen1071 Hash e9565aa95958c3f427dd710f00d4a092 c596f2b7d288537ccac2c83942fe24643166ccea f36c51fc4c2bfd0402dc43fc85669439adc251635fa6db4600570b3766c07b99 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	889 B	2023-03-07	2025-04-19
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:21 Last Seen2025-04-19 23:47 Times Seen1215 Hash e836a223299c66996d922f90cb0a7ed3 8bf67c5a1042829803fc04c4b047ec9f5482bf70 c77e92eba359ee71dbbc3d949be51ac51788cb30ef685ef643bf5c8961d7eff1 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	159 B	2023-08-20	2024-08-21
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-20 19:21 Last Seen2024-08-21 08:22 Times Seen17 Hash fc8b14546ecff07165975fa2e9ed8efa 7bfcbbd6c37e238f759d64674e21719b5bf889a6 7aed192db6e45952051045b46129c2839cc6552fb82b3c2271e387ba825fc1d3 Loading...

	go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100	ScriptElement	723 B	2023-11-01	2024-08-20
Pretty URL go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-01 05:20 Last Seen2024-08-20 21:33 Times Seen21 Hash 8159469a775f1b2fc15d83e2ee98ebde 3ef2877eb678b96038a810f241867982bc994965 9bec73bcc4354b123f6fdf4569bf47189fac869b4adaee171b220930718ecb7e Loading...

	unknown	ScriptElement	314 B	2023-07-16	2025-01-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-16 06:53 Last Seen2025-01-29 09:19 Times Seen457 Hash 4acb04b112dbbf49b9a8988722930179 2a677bc92272c6759ac640147670bc0c01c8b2ae c482ce11ea1939e7f4038b6f34084495d4e600584f431a1a0c7a764942cebb70 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	4.0 kB	2023-03-07	2025-04-23
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-04-23 13:41 Times Seen1077 Hash ab3f007f9ddbf0f4583e6002fec81753 64833abe13132a7220b56d21255b5c5a4e8a0c0f 44a8607238597f4d1d1c5bd6cce5f871b987105d969aa5d492e1f37e23aca407 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 11:51 Times Seen340623 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	ScriptElement	2.3 MB	2023-11-01	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-01 05:20 Last Seen2024-08-20 21:33 Times Seen10 Hash d57241e4f3080f514870f3f539a10609 a37d825ace3f4b95b58c337f368d64d92d101235 cc8291b83e44e787fdd39b75adacf652cbbf54d73baa3feca06947303fffbb19 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 4fe7374212694d79957cd9a1bb8fdef2	126 B	2023-03-08 02:09	2025-04-17 20:21
Pretty Observations First Seen2023-03-08 02:09 Last Seen2025-04-17 20:21 Times Seen1059 Hash 4fe7374212694d79957cd9a1bb8fdef2 010e231568ee9c1bd7f2460c5a79da7f557fcc9a 93a694caf72303625617cfe8edbe6444a43454c3e34613487a74188f783c1e58 Loading...

	#2 Eval - 70067a5e54adbe9d9567c09470b0a617	92 B	2023-03-08 02:09	2025-04-17 20:21
Pretty Observations First Seen2023-03-08 02:09 Last Seen2025-04-17 20:21 Times Seen1038 Hash 70067a5e54adbe9d9567c09470b0a617 4a47e4781b5bac3cdd38247db3fb87c63336c31a ad86521431911b76d497d5ebf350060c89e901d2bed2ebfa8a0d7b751b96f860 Loading...

	#3 Eval - 0a94139e4615771d6d97fb3d968225b2	80 B	2023-03-08 02:09	2025-04-17 20:21
Pretty Observations First Seen2023-03-08 02:09 Last Seen2025-04-17 20:21 Times Seen1057 Hash 0a94139e4615771d6d97fb3d968225b2 ede8882cf509b54d78f9ae6d0983cb4466a633b6 ca0059abf25af68454df89030c51cb41e112e2fa58ebb0b2ffa85b3fc6fee883 Loading...

	#4 Eval - c562c4c65e042d8c48ba39c3cf21e111	129 B	2023-07-16 06:53	2024-09-19 22:26
Pretty Observations First Seen2023-07-16 06:53 Last Seen2024-09-19 22:26 Times Seen334 Hash c562c4c65e042d8c48ba39c3cf21e111 0e1fded0f7e2ddd263830f8fbcedc883b1e2aca9 4c2f2b659be02e1baf0cf031d327ea963e56a80bb6baa7a07967a71514205375 Loading...

HTTP Transactions (70)

URL IP Response Size

click.thedailymoneytips.com/

188.114.96.1

143 B

URL
click.thedailymoneytips.com/
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text
Size
143 B (143 bytes)
Hash
f1fb042c62910c34be16ad91cbbd71fa
5bc7aceba9a8704ef4b1d427d7d08b140afcd866
9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: click.thedailymoneytips.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Nov 2023 05:19:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 11 Jul 2023 17:58:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5EQfGQZmPk5FOYgwuwEz%2FMrwY6mUHOyG%2BMb%2Fc7gG4w5TkllAcaFqzGOuCY3Cou9Dn%2BgfpQT%2BXrixNvrcyDD0QCGWCgHbeQNosU668JgTAe%2Fgxf68PceZIZvDE%2FvJopqsxdlsGkH9xw8oMSg9LZI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81f1ae6058c4568d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

verifiedwebpage.com/go?ehash=45080fdeab36cc08e518f75fae7ec827&product=32417&ar=48&cid=1954809010&lid=139350&slhash=0a149ff8436fc11de3561c2b303462a1&mtaid=63293&cid2=[s8]

172.67.170.194

446 B

URL
verifiedwebpage.com/go?ehash=45080fdeab36cc08e518f75fae7ec827&product=32417&ar=48&cid=1954809010&lid=139350&slhash=0a149ff8436fc11de3561c2b303462a1&mtaid=63293&cid2=[s8]
IP
172.67.170.194:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
446 B (446 bytes)
Hash
2a5ae4d7e6c91b187291b74ffe9c3a94
799c84342ddf00b239f4e37b130144990470f21e
ce96fad1b13bf2ea537f2a68d933e7ed257b1fab5c4b869be451261ca69b1c1c

HTTP Headers

GET /go?ehash=45080fdeab36cc08e518f75fae7ec827&product=32417&ar=48&cid=1954809010&lid=139350&slhash=0a149ff8436fc11de3561c2b303462a1&mtaid=63293&cid2=[s8] HTTP/1.1
Host: verifiedwebpage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Wed, 01 Nov 2023 05:19:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=c7c3aa236b066900cea27226e0af76b9; path=/
pixel_session_hash_32417=3415202737506256205; expires=Fri, 01-Dec-2023 05:19:11 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
bt_tracking_product_32417=f721e1a44af7dc47041a75235dfae2634adfb8116cd098e1331aae930102b83f; expires=Fri, 03-Nov-2023 05:19:11 GMT; Max-Age=172800
Location: https://verifiedwebpage.com/c/3415202737506256205
Vary: Accept-Encoding,User-Agent
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lM2aLLa3FChmUKrKsapHtErTPDsFs5ky6ZhWPpqSLfav7kwU5BSpJATbCYofhJ8k8kr2cgahCDrCXt5FK2TXUAqUAhge%2FjsGL3JlU9NLR7oQXzW%2FH7vTAYiHJe7gfmFevTouNwKM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81f1ae63cd480afa-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a4afed570449fef4e34c5c994cd7506a
69c29c4d69ffdffaf06f712817825e962a746d9d
0365828a5aa0519f386757034db008647dce8a4780a7d9b3db0e49070efa3040

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/2NgcsJjKLMA

142.250.74.131

472 B

URL
ocsp.pki.goog/s/gts1d4/2NgcsJjKLMA
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
99747aa8d5a7bae2c2a49969658a9872
db731a733577c42c045381449ead865475919c95
0867ddc4446d1757809e192d8eb02bbb5c3bb1e80e2fd501df9545e798aad829

HTTP Headers

POST /s/gts1d4/2NgcsJjKLMA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

embed.lpcontent.net/leadboxes/current/embed.js

34.107.203.240

200 OK

15 kB

URL GET HTTP/2
embed.lpcontent.net/leadboxes/current/embed.js
IP
34.107.203.240:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subjectembed.lpcontent.net
Fingerprint1E:BA:6C:41:C4:6F:9E:53:15:AB:02:2F:CB:5B:4E:C2:37:AD:4B:FB
ValidityTue, 03 Oct 2023 14:09:17 GMT - Mon, 01 Jan 2024 15:01:29 GMT

File type
ASCII text, with very long lines (30758)
Size
15 kB (14811 bytes)
Hash
7efcfabdb6209627ce8b016b1c4814eb
f3b8ebfc5fe452333c0fa14b15b28567f30921b9
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

HTTP Headers

GET /leadboxes/current/embed.js HTTP/1.1
Host: embed.lpcontent.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 1c6b9d5eb267292f1c0726e9612930f9
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 14811
date: Wed, 01 Nov 2023 05:17:05 GMT
expires: Wed, 01 Nov 2023 05:22:05 GMT
cache-control: public, max-age=300
age: 128
etag: "-Aynvg"
content-type: application/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto+Condensed:300,400,500,700|Roboto:300,400,500,700|Open+Sans:300,400,500,700

142.250.74.106

200 OK

1.7 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto+Condensed:300,400,500,700|Roboto:300,400,500,700|Open+Sans:300,400,500,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
gzip compressed data, max compression\012- data
Size
1.7 kB (1719 bytes)
Hash
fadc43529497ddf6bdcbc29bf5e0bea5
84d28c8955b780290f3810cf3d8ad9f83e69131a
d1bebf9246c2af7bc711e8992ee1de710f8d195242d9ba0f44ae57e9f303db33

HTTP Headers

GET /css?family=Roboto+Condensed:300,400,500,700|Roboto:300,400,500,700|Open+Sans:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Nov 2023 05:19:13 GMT
date: Wed, 01 Nov 2023 05:19:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/2NgcsJjKLMA

142.250.74.131

472 B

URL
ocsp.pki.goog/s/gts1d4/2NgcsJjKLMA
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
99747aa8d5a7bae2c2a49969658a9872
db731a733577c42c045381449ead865475919c95
0867ddc4446d1757809e192d8eb02bbb5c3bb1e80e2fd501df9545e798aad829

HTTP Headers

POST /s/gts1d4/2NgcsJjKLMA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/nO-neDG58C0

142.250.74.131

472 B

URL
ocsp.pki.goog/s/gts1d4/nO-neDG58C0
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
431f40925583d1d5c2f6df20d95d54bd
071baf41b8d3d8204b68ae235392b734565efb9c
169baca02ea0ac5c21acb7589b255a66969a4577e316f43e59c7c61bee1e62cb

HTTP Headers

POST /s/gts1d4/nO-neDG58C0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css

34.107.203.240

200 OK

15 kB

URL GET HTTP/2
static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
IP
34.107.203.240:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.leadpages.net
Fingerprint74:ED:B8:2C:E0:C6:39:88:EB:34:E1:82:96:F0:49:60:2D:6B:6E:03
ValidityMon, 16 Oct 2023 23:07:53 GMT - Sun, 14 Jan 2024 23:59:05 GMT

File type
ASCII text, with very long lines (58749)
Size
15 kB (14628 bytes)
Hash
84d8ad2b4fcdc0f0c58247e778133b3a
6f33eae92d42fe209167139940a0ad6a3c6c167e
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

HTTP Headers

GET /fonts/font-awesome/5.14.0/css/all.min.css HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-cloud-trace-context: a18ee4f17024372c3400c0a0c7c11eec
content-encoding: gzip
server: Google Frontend
via: 1.1 google
date: Tue, 31 Oct 2023 05:42:30 GMT
expires: Wed, 30 Oct 2024 05:42:30 GMT
cache-control: public, max-age=31536000
etag: "-Aynvg"
content-type: text/css
vary: Accept-Encoding
content-length: 14628
age: 85003
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/nO-neDG58C0

142.250.74.131

472 B

URL
ocsp.pki.goog/s/gts1d4/nO-neDG58C0
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
431f40925583d1d5c2f6df20d95d54bd
071baf41b8d3d8204b68ae235392b734565efb9c
169baca02ea0ac5c21acb7589b255a66969a4577e316f43e59c7c61bee1e62cb

HTTP Headers

POST /s/gts1d4/nO-neDG58C0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d408235a533f534ab67cc86f4b3541bc
5e0c537d01bcc340efc286cf1aa5a4e07fb0a232
d6e9007ef49b3214ad7ca371840f265a1743ed1b68b7b666ca4918b87dab59cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

51 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0\012- data
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Oct 2023 18:05:41 GMT
expires: Thu, 24 Oct 2024 18:05:41 GMT
cache-control: public, max-age=31536000
age: 558812
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 02:00:44 GMT
expires: Sat, 26 Oct 2024 02:00:44 GMT
cache-control: public, max-age=31536000
age: 443909
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d408235a533f534ab67cc86f4b3541bc
5e0c537d01bcc340efc286cf1aa5a4e07fb0a232
d6e9007ef49b3214ad7ca371840f265a1743ed1b68b7b666ca4918b87dab59cb

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1d4/61szEZlWlYk

142.250.74.131

472 B

URL
ocsp.pki.goog/s/gts1d4/61szEZlWlYk
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d53bd10764e8db68205e3f71419abf0c
6a2d24bab234af696d9b5892c140032b74f0e077
db6990605fd59b29de10f5dd60e1a65b293bd0ea924c1f43b78ccd6842bd4d75

HTTP Headers

POST /s/gts1d4/61szEZlWlYk HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:14 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 09:00:39 GMT
expires: Wed, 30 Oct 2024 09:00:39 GMT
cache-control: public, max-age=31536000
age: 73114
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.center.io/center.js

216.239.32.21

200 OK

5.4 kB

URL GET HTTP/2
js.center.io/center.js
IP
216.239.32.21:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subjectjs.center.io
Fingerprint85:B9:E0:72:82:F5:95:3E:D1:4E:1A:D7:E3:C7:71:C0:2D:3A:13:80
ValidityTue, 12 Sep 2023 16:35:29 GMT - Mon, 11 Dec 2023 17:15:15 GMT

File type
ASCII text, with very long lines (566)
Size
5.4 kB (5417 bytes)
Hash
60f05ff45d707fe36d87b75bf181800d
e34d94b519ed465481596bcff099467feb0aafdd
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

HTTP Headers

GET /center.js HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-cloud-trace-context: d61d2929ff5fe415f656d5c82069ceeb
content-encoding: gzip
server: Google Frontend
content-length: 5417
date: Wed, 01 Nov 2023 05:16:29 GMT
expires: Wed, 01 Nov 2023 05:21:29 GMT
cache-control: public, max-age=300
age: 165
etag: "OMWYXg"
content-type: application/javascript
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

51 kB

URL GET HTTP/2
fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51404, version 1.0\012- data
Size
51 kB (51404 bytes)
Hash
b904fcdf1c4c6059fadd6893a7bc7619
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

HTTP Headers

GET /s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 51404
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Oct 2023 18:05:41 GMT
expires: Thu, 24 Oct 2024 18:05:41 GMT
cache-control: public, max-age=31536000
age: 558813
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.center.io/identify.html

216.239.32.21

200 OK

2.0 kB

URL GET HTTP/2
js.center.io/identify.html
IP
216.239.32.21:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subjectjs.center.io
Fingerprint85:B9:E0:72:82:F5:95:3E:D1:4E:1A:D7:E3:C7:71:C0:2D:3A:13:80
ValidityTue, 12 Sep 2023 16:35:29 GMT - Mon, 11 Dec 2023 17:15:15 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (612)
Size
2.0 kB (2016 bytes)
Hash
0ba3629e9c8b8af4c7a13d344978898a
c05b5c80e1eec6e630547ecfacf11eb86391e4b6
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

HTTP Headers

GET /identify.html HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-cloud-trace-context: c0d69f53b61ad6566dcf3f2ad73aac7e
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Wed, 01 Nov 2023 05:19:12 GMT
expires: Wed, 01 Nov 2023 05:24:12 GMT
cache-control: public, max-age=300
age: 2
etag: "OMWYXg"
content-type: text/html
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8f3dead87317ffa593beda4662d355db
e764c31672a1958b7801556cfd864b4a5253f1a3
4dde35ac9bff1db0056e4020d2b7e55c9b8377954c97bbac0c2fbbebb33a90a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

142.250.74.168

200 OK

95 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (17476)
Size
95 kB (94688 bytes)
Hash
8506c623b09667100ce0ec213f4ab129
dcafab3d66f5dcfed9bdd5e0f9705a2f90f2d8d1
3eb5e4f99c02bc1228fcbd6b21635b4af55f0b89d3c3d09529884ff64ebd29ae

HTTP Headers

GET /gtm.js?id=GTM-WNRH3TX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Nov 2023 05:19:14 GMT
expires: Wed, 01 Nov 2023 05:19:14 GMT
cache-control: private, max-age=900
last-modified: Wed, 01 Nov 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 94688
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
8f3dead87317ffa593beda4662d355db
e764c31672a1958b7801556cfd864b4a5253f1a3
4dde35ac9bff1db0056e4020d2b7e55c9b8377954c97bbac0c2fbbebb33a90a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fast.vidalytics.com/embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/loader.min.js

192.229.220.49

200 OK

11 kB

URL GET HTTP/2
fast.vidalytics.com/embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/loader.min.js
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (42630), with CRLF, LF line terminators
Size
11 kB (10596 bytes)
Hash
3ae4a28eea960dd5bfb4bb5b430550a8
29bfece686e9f6b417edd34bc376b47d757a72f5
6200dac61dec7a3adf9aa92ee52b8c76233f0f2504563deed1a4d885d8959d8b

HTTP Headers

GET /embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/loader.min.js HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 17
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=60, s-maxage=600
content-type: application/javascript
date: Wed, 01 Nov 2023 05:19:14 GMT
last-modified: Wed, 01 Nov 2023 05:18:57 GMT
server: ECAcc (dac/9C9A)
vary: Accept-Encoding
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-info: loader
x-cdn-site: c3-prod
x-envoy-decorator-operation: vidalytics-player-api.vidalytics-player-api.svc.cluster.local:80/*
x-envoy-upstream-service-time: 40
x-lb-backend: api-prod
x-lb-cache: disabled
content-length: 10596
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.149.23

472 B

URL
ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
3d2179a645e7578df86c3d854cfdd505
457fa5e4e87c0738e77dd33fdc5c5048b33212f4
ac8daf30428b5b09f7a14d6a21d9f6a073822c3b2a224f2b8de20ec1e4ee1e16

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Nov 2023 05:19:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 29 Oct 2023 00:56:21 GMT
Expires: Sun, 05 Nov 2023 00:56:20 GMT
Etag: "457fa5e4e87c0738e77dd33fdc5c5048b33212f4"
Cache-Control: max-age=329908,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81f1ae83bcc7569c-OSL

www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c

142.250.74.168

200 OK

92 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type
ASCII text, with very long lines (14860)
Size
92 kB (92232 bytes)
Hash
aa5a254d8c6943718e6456336bb3683c
b6ee6b99abe75f772f69ea5777a51b5e6a5304b6
6cd0f34ff83b6486c4376801479d339fafee770a7610b2d54121f1d7682d5610

HTTP Headers

GET /gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Nov 2023 05:19:14 GMT
expires: Wed, 01 Nov 2023 05:19:14 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 92232
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=ZacGGQJn4SCwG9joMyhc4V&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=165,1,LUmjr7qNYJFaJKUHS39Dqg

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=ZacGGQJn4SCwG9joMyhc4V&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=165,1,LUmjr7qNYJFaJKUHS39Dqg
IP
35.192.151.63:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint82:04:EC:6A:8D:9D:D8:E2:90:A1:2D:96:68:08:FF:D4:1D:3D:72:A8
ValidityThu, 28 Sep 2023 15:13:30 GMT - Wed, 27 Dec 2023 15:13:29 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=ZacGGQJn4SCwG9joMyhc4V&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=165,1,LUmjr7qNYJFaJKUHS39Dqg HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
access-control-allow-origin: https://go.behindthemarkets.com
x-request-id: 01l74igbbufgt7bgvo5g
Date: Wed, 01 Nov 2023 05:19:14 GMT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-expose-headers: LP-Security-Token
X-Forwarded-For: 91.90.42.154

api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=GaGK5cmexe3MTLuLyxaEFM&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=NGpHfvK5UwogASerV98bvR&sid=nftwQr5zucQFRsRrFiK2Mn&cid=lp-GaGK5cmexe3MTLuLyxaEFM&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&rf=&rx=1280&ry=1024&tz=%2B00%3A00

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=GaGK5cmexe3MTLuLyxaEFM&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=NGpHfvK5UwogASerV98bvR&sid=nftwQr5zucQFRsRrFiK2Mn&cid=lp-GaGK5cmexe3MTLuLyxaEFM&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&rf=&rx=1280&ry=1024&tz=%2B00%3A00
IP
35.192.151.63:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint82:04:EC:6A:8D:9D:D8:E2:90:A1:2D:96:68:08:FF:D4:1D:3D:72:A8
ValidityThu, 28 Sep 2023 15:13:30 GMT - Wed, 27 Dec 2023 15:13:29 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/events/capture?k=view&a=leadpage&l=GaGK5cmexe3MTLuLyxaEFM&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=NGpHfvK5UwogASerV98bvR&sid=nftwQr5zucQFRsRrFiK2Mn&cid=lp-GaGK5cmexe3MTLuLyxaEFM&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&rf=&rx=1280&ry=1024&tz=%2B00%3A00 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: https://go.behindthemarkets.com
Server: Stargate
Date: Wed, 01 Nov 2023 05:19:14 GMT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-expose-headers: LP-Security-Token
x-request-id: 04btep15oaao34u519m0
set-cookie: view.bb4wMKcXKB896PwqF4vMVT-default-prop.GaGK5cmexe3MTLuLyxaEFM=1698815955000; Domain=api.leadpages.io; expires=Thu, 02 Nov 2023 05:19:14 GMT; httponly; Max-Age=86400; Path=/analytics/v1/events/capture; SameSite=None; secure
X-Forwarded-For: 91.90.42.154

static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css

34.107.203.240

200 OK

15 kB

URL GET HTTP/2
static.leadpages.net/fonts/font-awesome/5.14.0/css/all.min.css
IP
34.107.203.240:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.leadpages.net
Fingerprint74:ED:B8:2C:E0:C6:39:88:EB:34:E1:82:96:F0:49:60:2D:6B:6E:03
ValidityMon, 16 Oct 2023 23:07:53 GMT - Sun, 14 Jan 2024 23:59:05 GMT

File type
ASCII text, with very long lines (58749)
Size
15 kB (14628 bytes)
Hash
84d8ad2b4fcdc0f0c58247e778133b3a
6f33eae92d42fe209167139940a0ad6a3c6c167e
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

HTTP Headers

GET /fonts/font-awesome/5.14.0/css/all.min.css HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
x-cloud-trace-context: a18ee4f17024372c3400c0a0c7c11eec
content-encoding: gzip
server: Google Frontend
via: 1.1 google
date: Tue, 31 Oct 2023 05:42:30 GMT
expires: Wed, 30 Oct 2024 05:42:30 GMT
cache-control: public, max-age=31536000
etag: "-Aynvg"
content-type: text/css
vary: Accept-Encoding
content-length: 14628
age: 85004
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fast.vidalytics.com/embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/player-dash-mse.min.js?hash=peoazzhul

192.229.220.49

200 OK

619 kB

URL GET HTTP/3
fast.vidalytics.com/embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/player-dash-mse.min.js?hash=peoazzhul
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65399)
Size
619 kB (618922 bytes)
Hash
d57241e4f3080f514870f3f539a10609
a37d825ace3f4b95b58c337f368d64d92d101235
cc8291b83e44e787fdd39b75adacf652cbbf54d73baa3feca06947303fffbb19

HTTP Headers

GET /embeds/PzpZ_7KZ/WBMoaFX43SbGJsaM/player-dash-mse.min.js?hash=peoazzhul HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 99130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=300, s-maxage=2592000
content-type: application/javascript; charset=utf-8
date: Wed, 01 Nov 2023 05:19:14 GMT
etag: "86246fc5d2ceef132d8e22f75b8367a6"
expires: Fri, 01 Dec 2023 05:19:14 GMT
last-modified: Tue, 31 Oct 2023 01:46:16 GMT
server: ECAcc (ska/F776)
vary: Accept-Encoding
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-site: c3-prod
x-goog-generation: 1698716776718515
x-goog-hash: crc32c=S12Kfw==, md5=hiRvxdLO7xMtjiL3W4Nnpg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 618922
x-guploader-uploadid: ABPtcPonBRWmdI6Gb8nYvdEqv2K2seeEenwaQ3xcHbn2P9mzE86y3ZtSfGwvfhnD7VUh9GBuABtugIq24xbt4iHQTsoAUZTTsEKg
x-lb-backend: gcs-prod
x-lb-cache: miss
content-length: 618922

static.leadpages.net/images/favicon.ico

34.107.203.240

2.6 kB

URL GET
static.leadpages.net/images/favicon.ico
IP
34.107.203.240:0
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subjectstatic.leadpages.net
Fingerprint74:ED:B8:2C:E0:C6:39:88:EB:34:E1:82:96:F0:49:60:2D:6B:6E:03
ValidityMon, 16 Oct 2023 23:07:53 GMT - Sun, 14 Jan 2024 23:59:05 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
2.6 kB (2594 bytes)
Hash
0210a839146c090d313d070610e16bd2
f87bd57affad1046bf0f44db93f7c23304e43d55
76da9be859d0d9cd9ffa30b9aa9d07a34164acba1ec512c61bd1b7854c1fab7b

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 99e070af0ce5232a1e3c24809d95082d
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 2594
date: Wed, 01 Nov 2023 05:18:33 GMT
expires: Wed, 01 Nov 2023 05:23:33 GMT
cache-control: public, max-age=300
age: 42
etag: "-Aynvg"
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2

216.58.207.227

200 OK

45 kB

URL GET HTTP/2
fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44584, version 1.0\012- data
Size
45 kB (44584 bytes)
Hash
e04669366cda1aca21161f9e22bac3ae
157532ec5cdb07c395eb96aa6e9d0de1eeb869a7
43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47

HTTP Headers

GET /s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44584
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Oct 2023 10:05:51 GMT
expires: Sat, 26 Oct 2024 10:05:51 GMT
cache-control: public, max-age=31536000
age: 414804
last-modified: Mon, 03 Apr 2023 20:46:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ce843370cb40a556620c03b111d544c1
a9ee379c39e14fc512b0d29a55c5af47a6b6240c
9dcef5f352527675bd9445ecc6d0fcc9c06b3804d6818f3d4e8544e1176bc2f2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ce843370cb40a556620c03b111d544c1
a9ee379c39e14fc512b0d29a55c5af47a6b6240c
9dcef5f352527675bd9445ecc6d0fcc9c06b3804d6818f3d4e8544e1176bc2f2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 09:00:39 GMT
expires: Wed, 30 Oct 2024 09:00:39 GMT
cache-control: public, max-age=31536000
age: 73116
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintBE:D3:D2:0A:C4:57:FB:0B:D7:17:48:C8:AB:52:49:39:3E:E9:3C:60
ValidityMon, 09 Oct 2023 08:10:32 GMT - Mon, 01 Jan 2024 08:10:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48432, version 1.0\012- data
Size
48 kB (48432 bytes)
Hash
e2d74c5e631bc53a7240bbfe4be99c8f
eb513857bb01cc4f7249067fc7e969bef415fc90
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5

HTTP Headers

GET /s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48432
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Oct 2023 09:00:39 GMT
expires: Wed, 30 Oct 2024 09:00:39 GMT
cache-control: public, max-age=31536000
age: 73116
last-modified: Thu, 14 Sep 2023 00:40:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/mV-NDRpEblU6YgLZNxo0oma4Wjk2nMckxLyJEB9pd7kFaJ7kJAyWOf3ABjLu0xKzwwtPgsjXv5uMHVKY_T4pVCJi-_5P-ypHBLWh=s16

142.250.74.129

200 OK

952 B

URL GET HTTP/2
lh3.googleusercontent.com/mV-NDRpEblU6YgLZNxo0oma4Wjk2nMckxLyJEB9pd7kFaJ7kJAyWOf3ABjLu0xKzwwtPgsjXv5uMHVKY_T4pVCJi-_5P-ypHBLWh=s16
IP
142.250.74.129:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5E:EF:C0:E1:67:C9:67:A3:95:36:92:94:58:17:E4:59:B6:C9:8E:E5
ValidityMon, 09 Oct 2023 08:11:06 GMT - Mon, 01 Jan 2024 08:11:05 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, description=hexagon concept design abstract technology background vector EPS10, software=Picasa], baseline, precision 8, 16x10, components 3\012- data
Size
952 B (952 bytes)
Hash
518192098c36973d0d63a27cdf90fbe7
5041622c3427e1aa50a74810122a91685a95701c
4086c91f85bfe320fbca5e031fd3257487b98f8c14a930a1035e3db61f83ce93

HTTP Headers

GET /mV-NDRpEblU6YgLZNxo0oma4Wjk2nMckxLyJEB9pd7kFaJ7kJAyWOf3ABjLu0xKzwwtPgsjXv5uMHVKY_T4pVCJi-_5P-ypHBLWh=s16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 952
x-xss-protection: 0
date: Wed, 01 Nov 2023 01:57:30 GMT
expires: Thu, 02 Nov 2023 01:57:30 GMT
cache-control: public, max-age=86400, no-transform
age: 12105
etag: "v1"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700

142.250.74.106

200 OK

34 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint87:BD:C2:71:54:40:3F:F2:18:79:1A:89:F5:E9:BC:63:E5:EC:57:64
ValidityMon, 09 Oct 2023 08:10:33 GMT - Mon, 01 Jan 2024 08:10:32 GMT

File type
gzip compressed data, max compression\012- data
Size
34 kB (34415 bytes)
Hash
7e9562778e6dadd728b2b032cb223508
746d61ef69b6dd5003e7e00639fae5112e56fdc5
124feee4eed2b63a1b56843e6c5d05f86040bae5ab64b8789b74d3bb8b91bb60

HTTP Headers

GET /css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Nov 2023 05:19:14 GMT
date: Wed, 01 Nov 2023 05:19:14 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

js.center.io/center.js

216.239.32.21

200 OK

5.4 kB

URL GET HTTP/2
js.center.io/center.js
IP
216.239.32.21:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subjectjs.center.io
Fingerprint85:B9:E0:72:82:F5:95:3E:D1:4E:1A:D7:E3:C7:71:C0:2D:3A:13:80
ValidityTue, 12 Sep 2023 16:35:29 GMT - Mon, 11 Dec 2023 17:15:15 GMT

File type
ASCII text, with very long lines (566)
Size
5.4 kB (5417 bytes)
Hash
60f05ff45d707fe36d87b75bf181800d
e34d94b519ed465481596bcff099467feb0aafdd
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

HTTP Headers

GET /center.js HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Cookie: centerVisitorId=NGpHfvK5UwogASerV98bvR
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-cloud-trace-context: c2c6310c821e0f410b93792f0fb7e3b5;o=1
content-encoding: gzip
server: Google Frontend
content-length: 5417
date: Wed, 01 Nov 2023 05:19:15 GMT
expires: Wed, 01 Nov 2023 05:24:15 GMT
cache-control: public, max-age=300
etag: "OMWYXg"
content-type: application/javascript
age: 0
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c83b311c0b757377978358e14fa4c3e
5c9a92882a5a5a1e27bf4a26ae1836755f26bffb
966e2e0ed3cfecac5852def39c29185d2c5ce0eb6b7d33a1bb9931278ff0c065

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ce843370cb40a556620c03b111d544c1
a9ee379c39e14fc512b0d29a55c5af47a6b6240c
9dcef5f352527675bd9445ecc6d0fcc9c06b3804d6818f3d4e8544e1176bc2f2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=73405074.1698815956&gtm=45je3au1v874108444z8812088355&aip=1&z=2017642274

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=73405074.1698815956&gtm=45je3au1v874108444z8812088355&aip=1&z=2017642274
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
FingerprintC9:D2:53:22:39:42:94:46:74:AD:BB:1A:B2:BE:92:9B:6B:B6:8F:3D
ValidityMon, 09 Oct 2023 08:14:07 GMT - Mon, 01 Jan 2024 08:14:06 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=73405074.1698815956&gtm=45je3au1v874108444z8812088355&aip=1&z=2017642274 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 05:19:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.center.io/identify.html

216.239.32.21

200 OK

2.0 kB

URL GET HTTP/2
js.center.io/identify.html
IP
216.239.32.21:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services LLC
Subjectjs.center.io
Fingerprint85:B9:E0:72:82:F5:95:3E:D1:4E:1A:D7:E3:C7:71:C0:2D:3A:13:80
ValidityTue, 12 Sep 2023 16:35:29 GMT - Mon, 11 Dec 2023 17:15:15 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (612)
Size
2.0 kB (2016 bytes)
Hash
0ba3629e9c8b8af4c7a13d344978898a
c05b5c80e1eec6e630547ecfacf11eb86391e4b6
0efa1e4687032588dae8d6d3a00a92e504a3a14b9d1bb23c19670a47c9792110

HTTP Headers

GET /identify.html HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Cookie: centerVisitorId=NGpHfvK5UwogASerV98bvR
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-cloud-trace-context: 19a01af9489313fe89a8b23bd3883de5
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Wed, 01 Nov 2023 05:15:35 GMT
expires: Wed, 01 Nov 2023 05:20:35 GMT
cache-control: public, max-age=300
age: 220
etag: "OMWYXg"
content-type: text/html
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3au1v874108444z8812088355&_p=1155171099&_gaz=1&gcd=11l1l1l1l1&cid=73405074.1698815956&ul=en-us&sr=1280x1024&_s=1&sid=1698815955&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&dt=BTM%20-%20King%20Kong%20-%20VSL&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3au1v874108444z8812088355&_p=1155171099&_gaz=1&gcd=11l1l1l1l1&cid=73405074.1698815956&ul=en-us&sr=1280x1024&_s=1&sid=1698815955&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&dt=BTM%20-%20King%20Kong%20-%20VSL&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3au1v874108444z8812088355&_p=1155171099&_gaz=1&gcd=11l1l1l1l1&cid=73405074.1698815956&ul=en-us&sr=1280x1024&_s=1&sid=1698815955&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&dt=BTM%20-%20King%20Kong%20-%20VSL&en=page_view&_fv=1&_nsi=1&_ss=1&epn.variant_id=0 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Wed, 01 Nov 2023 05:19:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c83b311c0b757377978358e14fa4c3e
5c9a92882a5a5a1e27bf4a26ae1836755f26bffb
966e2e0ed3cfecac5852def39c29185d2c5ce0eb6b7d33a1bb9931278ff0c065

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Nov 2023 05:19:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/thumb/preview-5_0.jpg

192.229.220.49

200 OK

1.9 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/thumb/preview-5_0.jpg
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 107x60, components 3\012- data
Size
1.9 kB (1863 bytes)
Hash
80d5fac79b54d4f90238676dafb0e842
33d3fa7812937586abf814b6d85f627158590e30
aef48c72597f4752058d3efe234275d8882ec4d9c9a2f4cf1a19bb6053ab7870

HTTP Headers

GET /video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/thumb/preview-5_0.jpg HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 99129
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31104000
content-type: image/jpeg
date: Wed, 01 Nov 2023 05:19:15 GMT
etag: "80d5fac79b54d4f90238676dafb0e842"
expires: Sat, 26 Oct 2024 05:19:15 GMT
last-modified: Tue, 31 Oct 2023 00:59:37 GMT
server: ECAcc (ska/F69C)
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-site: c3-prod
x-goog-generation: 1698713977878956
x-goog-hash: crc32c=91t/rA==, md5=gNX6x5tU1PkCOGdtr7DoQg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1863
x-guploader-uploadid: ABPtcPo8pyWmlfH9RwhiV4FsgS7qLUBCrUim9YDddwesPcFI-LbvDwT-wGWL8AijIXWii5MNeQsgiTlcXJqGeTrPaBbn3Id4n0X6
x-lb-backend: gcs-prod
x-lb-cache: miss
content-length: 1863

fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/stream.mpd

192.229.220.49

200 OK

33 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/stream.mpd
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text
Size
33 kB (33264 bytes)
Hash
f9dbbac6598a69833e47c57927adce75
d6482aa49e3278af3c67b89f99e6ecf1c45d9b48
f36eb38f1d614b3a857f4a52b74a55210160e39a458029b98ed73a84c74ed272

HTTP Headers

GET /video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/stream.mpd HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 99130
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31104000
content-type: application/dash+xml
date: Wed, 01 Nov 2023 05:19:16 GMT
etag: "f9dbbac6598a69833e47c57927adce75"
expires: Sat, 26 Oct 2024 05:19:16 GMT
last-modified: Tue, 31 Oct 2023 01:43:43 GMT
server: ECAcc (ska/F746)
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-site: c3-prod
x-goog-generation: 1698716623919170
x-goog-hash: crc32c=RicNfg==, md5=+du6xlmKaYM+R8V5J63OdQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 33264
x-guploader-uploadid: ABPtcPqNjxClRpj2f1cCgY2ufsVvDv_tvI4nXGGdQzZz5LP7AzANjeibzeUAgz1QHMuehydlWPYIYFUSk6Cd2sT9Jsx2jaweahEF
x-lb-backend: gcs-prod
x-lb-cache: miss
content-length: 33264

ocsp.godaddy.com/

192.124.249.23

2.1 kB

URL
ocsp.godaddy.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
2.1 kB (2107 bytes)
Hash
6b336aeb47e88cd9d2520bd9c2ec9bd5
bc43ccb860f4c218ff5bcda629e47009cea9062a
760d84f833c8b1e90708e19a8439bb0debf50e737c063d17d7177e0c7ad25059

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 01 Nov 2023 05:19:16 GMT
Content-Type: application/ocsp-response
Content-Length: 2107
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 31 Oct 2023 20:51:23 GMT
Expires: Wed, 01 Nov 2023 20:51:23 GMT
ETag: "bc43ccb860f4c218ff5bcda629e47009cea9062a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/video/480x270_h264_1000000/init.mp4

192.229.220.49

200 OK

875 B

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/video/480x270_h264_1000000/init.mp4
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
ISO Media, MP4 v1 [ISO 14496-1:ch13]\012- data
Size
875 B (875 bytes)
Hash
77fa0dc4d199209d10ee995c194b9c0d
1441356abc09e2e4e35f45cc2f757f7658401366
6f20d38dd411ec2052f31440b607355996de28156cd839156f50e459192ecd62

HTTP Headers

GET /video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/video/480x270_h264_1000000/init.mp4 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 98659
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31104000
content-type: video/mp4
date: Wed, 01 Nov 2023 05:19:16 GMT
etag: "77fa0dc4d199209d10ee995c194b9c0d"
expires: Sat, 26 Oct 2024 05:19:16 GMT
last-modified: Tue, 31 Oct 2023 01:41:54 GMT
server: ECAcc (ska/F736)
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-site: c3-prod
x-goog-generation: 1698716514081969
x-goog-hash: crc32c=cBYc/Q==, md5=d/oNxNGZIJ0Q7plcGUucDQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 875
x-guploader-uploadid: ABPtcPpqMo7zSdF-7i95Q8VrD8EuShzQuwewl_ryjpUtq-V95A6rEK4r5h-1EZmkAdx1dR7ipuZiUgVjcNvyL1e72xGL2062x6TG
x-lb-backend: gcs-prod
x-lb-cache: miss
content-length: 875

fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/audio/aac_96000/init.mp4

192.229.220.49

200 OK

826 B

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/audio/aac_96000/init.mp4
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
ISO Media, MP4 v1 [ISO 14496-1:ch13]\012- data
Size
826 B (826 bytes)
Hash
181168e27d2e8b01c9ab6d9cdb329fba
4e39276fb4685132d77f87f25de7e7c5358682d5
0a03295fe105616756517d93f51345ce37414be49ea79cdb9fa552d29ebaf100

HTTP Headers

GET /video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/audio/aac_96000/init.mp4 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 98997
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31104000
content-type: video/mp4
date: Wed, 01 Nov 2023 05:19:16 GMT
etag: "181168e27d2e8b01c9ab6d9cdb329fba"
expires: Sat, 26 Oct 2024 05:19:16 GMT
last-modified: Tue, 31 Oct 2023 01:43:43 GMT
server: ECAcc (ska/F6CF)
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-site: c3-prod
x-goog-generation: 1698716623599145
x-goog-hash: crc32c=DX0+MA==, md5=GBFo4n0uiwHJq22c2zKfug==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 826
x-guploader-uploadid: ABPtcPqRWXCZj8anEMzegQ-YgDgGD-1VPkdmTNuk4aOFHQl-l-C7PQCiaeDC0eHj1Ylf_1vX9hGNpvc8CRtlxBv1xLDaPA
x-lb-backend: gcs-prod
x-lb-cache: miss
content-length: 826

api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=40,549,376,967,6,1083,1592,1646,4491,4493

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=40,549,376,967,6,1083,1592,1646,4491,4493
IP
35.192.151.63:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint82:04:EC:6A:8D:9D:D8:E2:90:A1:2D:96:68:08:FF:D4:1D:3D:72:A8
ValidityThu, 28 Sep 2023 15:13:30 GMT - Wed, 27 Dec 2023 15:13:29 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=40,549,376,967,6,1083,1592,1646,4491,4493 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-credentials: true
Server: Stargate
Date: Wed, 01 Nov 2023 05:19:16 GMT
x-request-id: 04btepgcvvcaar6l6feg
access-control-expose-headers: LP-Security-Token
X-Forwarded-For: 91.90.42.154

api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=ZacGGQJn4SCwG9joMyhc4V&kind=timer&label=lb_embed_leadbox_load&value=799

35.192.151.63

200 OK

35 B

URL GET HTTP/1.1
api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=ZacGGQJn4SCwG9joMyhc4V&kind=timer&label=lb_embed_leadbox_load&value=799
IP
35.192.151.63:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint82:04:EC:6A:8D:9D:D8:E2:90:A1:2D:96:68:08:FF:D4:1D:3D:72:A8
ValidityThu, 28 Sep 2023 15:13:30 GMT - Wed, 27 Dec 2023 15:13:29 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=ZacGGQJn4SCwG9joMyhc4V&kind=timer&label=lb_embed_leadbox_load&value=799 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
access-control-allow-origin: https://go.behindthemarkets.com
x-request-id: 01l74ivt5suoc4cui7jg
Date: Wed, 01 Nov 2023 05:19:16 GMT
access-control-max-age: 600
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
X-Forwarded-For: 91.90.42.154

licensing.bitmovin.com/licensing

35.227.229.24

200 OK

165 B

URL POST HTTP/2
licensing.bitmovin.com/licensing
IP
35.227.229.24:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoDaddy.com, Inc.
Subject*.bitmovin.com
FingerprintA3:12:09:E0:2B:6B:C9:36:D1:AE:E8:38:F4:5F:1B:F6:B2:47:16:3C
ValidityMon, 08 May 2023 12:46:05 GMT - Sat, 08 Jun 2024 12:46:05 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
165 B (165 bytes)
Hash
bad32d07dc1ad9e3d334785067afbf34
653f8f612c6646daae0122b3b27e2c11486f86a4
41d9103b84690ae5330f1de907c91f6964d58cbb449887cf1bb0e13475dc0638

HTTP Headers

POST /licensing HTTP/1.1
Host: licensing.bitmovin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 154
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
content-type: application/json
date: Wed, 01 Nov 2023 05:19:16 GMT
content-length: 165
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/video/480x270_h264_1000000/1.m4s

192.229.220.49

200 OK

60 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/video/480x270_h264_1000000/1.m4s
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
data
Size
60 kB (59881 bytes)
Hash
277d895ae738e22f8209f01ab85f28c5
7dc380d7355be5d3f882f10ca22a05247f853c75
519d736edbac65c82e627aac034b3c410c3c0a4635c6b8b34ee2fec8ec31ef97

HTTP Headers

GET /video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/video/480x270_h264_1000000/1.m4s HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 98658
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31104000
content-type: video/iso.segment
date: Wed, 01 Nov 2023 05:19:16 GMT
etag: "277d895ae738e22f8209f01ab85f28c5"
expires: Sat, 26 Oct 2024 05:19:16 GMT
last-modified: Tue, 31 Oct 2023 01:41:45 GMT
server: ECAcc (ska/F76D)
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-site: c3-prod
x-goog-generation: 1698716505954955
x-goog-hash: crc32c=prTAQg==, md5=J32JWuc44i+CCfAauF8oxQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 59881
x-guploader-uploadid: ABPtcPpGiFiRSWzRWf7ID5oWy7oc9_lF5C2_eUZ5BFTPGW1E3nyrgJ2RfQS34R7fYUyeilVO75nE7HfIaejOLvqJV655Dbr5JsSa
x-lb-backend: gcs-prod
x-lb-cache: miss
content-length: 59881

fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/audio/aac_96000/1.m4s

192.229.220.49

200 OK

37 kB

URL GET HTTP/3
fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/audio/aac_96000/1.m4s
IP
192.229.220.49:443
ASN
#15133 EDGECAST

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type
data
Size
37 kB (37329 bytes)
Hash
baa55001da48867ede387e6c4c919804
4acb586f5efb947060ff2d7c660111a3b6377d56
9251fa720b44f0ac21597d4553d3c3a27353af269e272232014224b975d2a9e4

HTTP Headers

GET /video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/m4s/audio/aac_96000/1.m4s HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache
age: 98997
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31104000
content-type: video/iso.segment
date: Wed, 01 Nov 2023 05:19:16 GMT
etag: "baa55001da48867ede387e6c4c919804"
expires: Sat, 26 Oct 2024 05:19:16 GMT
last-modified: Tue, 31 Oct 2023 01:43:39 GMT
server: ECAcc (ska/F73E)
via: 1.1 google
x-cache: HIT
x-cdn: 3
x-cdn-site: c3-prod
x-goog-generation: 1698716619611916
x-goog-hash: crc32c=kuHYng==, md5=uqVQAdpIhn7eOH5sTJGYBA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 37329
x-guploader-uploadid: ABPtcPpwRJ8W20XUs0TX0OpjgNaijK50QPNCb8mAfRSece5cBeYSLLGKEYN8aK0aEe6PVnSsG6Oky2cMMKkGcM1VMCT3EYmd5npV
x-lb-backend: gcs-prod
x-lb-cache: miss
content-length: 37329

ocsp.godaddy.com/

192.124.249.22

2.1 kB

URL
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
2.1 kB (2107 bytes)
Hash
6b336aeb47e88cd9d2520bd9c2ec9bd5
bc43ccb860f4c218ff5bcda629e47009cea9062a
760d84f833c8b1e90708e19a8439bb0debf50e737c063d17d7177e0c7ad25059

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 01 Nov 2023 05:19:16 GMT
Content-Type: application/ocsp-response
Content-Length: 2107
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 31 Oct 2023 20:51:23 GMT
Expires: Wed, 01 Nov 2023 20:51:23 GMT
ETag: "bc43ccb860f4c218ff5bcda629e47009cea9062a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

analytics-ingress-global.bitmovin.com/licensing

35.190.27.197

200 OK

77 B

URL POST HTTP/2
analytics-ingress-global.bitmovin.com/licensing
IP
35.190.27.197:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoDaddy.com, Inc.
Subject*.bitmovin.com
FingerprintA3:12:09:E0:2B:6B:C9:36:D1:AE:E8:38:F4:5F:1B:F6:B2:47:16:3C
ValidityMon, 08 May 2023 12:46:05 GMT - Sat, 08 Jun 2024 12:46:05 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
40f9443d5dc02e385b00b24c1f570269
c0e65fe8f73334d638173b9e33eff4f36d913104
ea71115c171f3b6874e256a1ff1e30431229a21b584371e0b36eae66cb5d2d9f

HTTP Headers

POST /licensing HTTP/1.1
Host: analytics-ingress-global.bitmovin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 110
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: v1.59.2
date: Wed, 01 Nov 2023 05:19:15 GMT
content-type: application/json
content-length: 77
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ

107.178.211.97

200 OK

43 B

URL GET HTTP/2
stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ
IP
107.178.211.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint82:C0:5C:B9:F2:BC:C3:9C:97:69:3A:BD:C9:F1:EC:AC:B0:1D:CA:30
ValidityMon, 21 Nov 2022 00:00:00 GMT - Fri, 22 Dec 2023 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /awesome-log?cid=PzpZ_7KZ HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-headers: Accept, Content-Type, Origin, Range, X-Requested-With
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
cache-control: no-cache, public, max-age=2592000
content-length: 43
content-type: image/gif
etag: "PzpZ_7KZ/t0qtKOJGuKiZ4BZu"
date: Wed, 01 Nov 2023 05:19:17 GMT
x-envoy-upstream-service-time: 1
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint82:C0:5C:B9:F2:BC:C3:9C:97:69:3A:BD:C9:F1:EC:AC:B0:1D:CA:30
ValidityMon, 21 Nov 2022 00:00:00 GMT - Fri, 22 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4505
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Wed, 01 Nov 2023 05:19:17 GMT
content-length: 16
x-envoy-upstream-service-time: 2
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.38.233

472 B

URL
ocsp.sectigo.com/
IP
104.18.38.233:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
cf2c28c7f5c594a22afdff368db66a68
686e5cf83958af08c7a1c727b4f195690f92df4f
3c8c0f1739ae40fc7f62035bac507decc9f90ebefb7dbd6a32da6680f44d076f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Nov 2023 05:19:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 29 Oct 2023 00:06:18 GMT
Expires: Sun, 05 Nov 2023 00:06:17 GMT
Etag: "686e5cf83958af08c7a1c727b4f195690f92df4f"
Cache-Control: max-age=326332,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 81f1ae95ae915697-OSL

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint82:C0:5C:B9:F2:BC:C3:9C:97:69:3A:BD:C9:F1:EC:AC:B0:1D:CA:30
ValidityMon, 21 Nov 2022 00:00:00 GMT - Fri, 22 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 293
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Wed, 01 Nov 2023 05:19:17 GMT
content-length: 16
x-envoy-upstream-service-time: 2
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint82:C0:5C:B9:F2:BC:C3:9C:97:69:3A:BD:C9:F1:EC:AC:B0:1D:CA:30
ValidityMon, 21 Nov 2022 00:00:00 GMT - Fri, 22 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 854
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Wed, 01 Nov 2023 05:19:18 GMT
content-length: 16
x-envoy-upstream-service-time: 1
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=Nh8WaiJjQYxCEL8bftLo4f&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=288,295,1

35.192.151.63

35 B

URL
api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=Nh8WaiJjQYxCEL8bftLo4f&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=288,295,1
IP
35.192.151.63:0
ASN
#15169 GOOGLE

Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint82:04:EC:6A:8D:9D:D8:E2:90:A1:2D:96:68:08:FF:D4:1D:3D:72:A8
ValidityThu, 28 Sep 2023 15:13:30 GMT - Wed, 27 Dec 2023 15:13:29 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.8.6&correlateBy=Nh8WaiJjQYxCEL8bftLo4f&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=288,295,1 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: https://btm-btm-btm.lpages.co
Server: Stargate
Date: Wed, 01 Nov 2023 05:19:19 GMT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-expose-headers: LP-Security-Token
x-request-id: 04bteq91rdng2e5v8uvg
X-Forwarded-For: 91.90.42.154

region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3au1v874108444z8812088355&_p=1155171099&gcd=11l1l1l1l1&cid=73405074.1698815956&ul=en-us&sr=1280x1024&_s=2&sid=1698815955&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&dt=BTM%20-%20King%20Kong%20-%20VSL&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=73405074.1698815956.&upn.variant_id=0&upn.experiment_id=0

216.239.34.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3au1v874108444z8812088355&_p=1155171099&gcd=11l1l1l1l1&cid=73405074.1698815956&ul=en-us&sr=1280x1024&_s=2&sid=1698815955&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&dt=BTM%20-%20King%20Kong%20-%20VSL&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=73405074.1698815956.&upn.variant_id=0&upn.experiment_id=0
IP
216.239.34.36:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint97:15:34:CA:DF:1A:DF:2E:7B:EF:E9:6E:44:21:30:2B:ED:13:54:AE
ValidityMon, 09 Oct 2023 08:03:58 GMT - Mon, 01 Jan 2024 08:03:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je3au1v874108444z8812088355&_p=1155171099&gcd=11l1l1l1l1&cid=73405074.1698815956&ul=en-us&sr=1280x1024&_s=2&sid=1698815955&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-king-kong-vsl%2F%3F_ef_transaction_id%3D6ba5b28a546e4ef888d4b72e979c947d%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415202737506256205%26iocid%3D%26aff%3D5%26oid%3D100&dt=BTM%20-%20King%20Kong%20-%20VSL&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=73405074.1698815956.&upn.variant_id=0&upn.experiment_id=0 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Wed, 01 Nov 2023 05:19:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=3dVxoe4oYfg4z77mvVQXx5&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=432,270,1,429

35.192.151.63

35 B

URL
api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=3dVxoe4oYfg4z77mvVQXx5&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=432,270,1,429
IP
35.192.151.63:0
ASN
#15169 GOOGLE

Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint82:04:EC:6A:8D:9D:D8:E2:90:A1:2D:96:68:08:FF:D4:1D:3D:72:A8
ValidityThu, 28 Sep 2023 15:13:30 GMT - Wed, 27 Dec 2023 15:13:29 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.8.6&correlateBy=3dVxoe4oYfg4z77mvVQXx5&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=432,270,1,429 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-origin: https://go.behindthemarkets.com
Server: Stargate
Date: Wed, 01 Nov 2023 05:19:20 GMT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-expose-headers: LP-Security-Token
x-request-id: 04bteqf69ehcll7li8og
X-Forwarded-For: 91.90.42.154

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST HTTP/2
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint82:C0:5C:B9:F2:BC:C3:9C:97:69:3A:BD:C9:F1:EC:AC:B0:1D:CA:30
ValidityMon, 21 Nov 2022 00:00:00 GMT - Fri, 22 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
a1cbd35d4488ac8cc6f959d4c633dc37
11844023759429ec785ae1c18e6a9c69803ee2bd
707d4c7f44dd33e874b5a09b6dba4702b12bfd3e19e470d601fcfc1d7009286c

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 206
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Wed, 01 Nov 2023 05:19:21 GMT
content-length: 16
x-envoy-upstream-service-time: 1
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/thumb/thumbnail-5_0.jpg

0.0.0.0

0 B

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/thumb/thumbnail-5_0.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
FingerprintD1:EB:08:76:3E:91:B8:A5:58:63:F5:C3:6D:91:00:40:27:B2:21:1E
ValidityWed, 30 Nov 2022 00:00:00 GMT - Sun, 31 Dec 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /video/PzpZ_7KZ/kpmOMIUTqOVlfvNM/114467/116255__FFMPEG/thumb/thumbnail-5_0.jpg HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100

35.202.21.90

200 OK

97 kB

URL User Request GET HTTP/2
go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
IP
35.202.21.90:443
ASN
#15169 GOOGLE

Certificate
IssuerLet's Encrypt
Subjectgo.behindthemarkets.com
Fingerprint50:E0:9E:CD:61:17:50:31:B2:5A:C7:88:75:A9:C7:26:DE:27:24:88
ValidityWed, 27 Sep 2023 09:22:26 GMT - Tue, 26 Dec 2023 09:22:25 GMT

File type

Size
97 kB (97379 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100 HTTP/1.1
Host: go.behindthemarkets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 Nov 2023 05:19:12 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache
x-cache: MISS, HIT
last-modified: Tue, 31 Oct 2023 20:35:14 GMT
etag: W/"a9a2bcdab67c6b94e1d143f28ce2d33c"
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br
X-Firefox-Spdy: h2

btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5

35.202.21.90

200 OK

92 kB

URL GET HTTP/2
btm-btm-btm.lpages.co/serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5
IP
35.202.21.90:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerLet's Encrypt
Subject*.lpages.co
Fingerprint65:C5:3A:C8:ED:BB:87:BE:B3:B5:A4:1D:CE:C0:CA:BD:25:E5:8B:02
ValidityTue, 26 Sep 2023 17:51:10 GMT - Mon, 25 Dec 2023 17:51:09 GMT

File type

Size
92 kB (92085 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /serve-leadbox/LUmjr7qNYJFaJKUHS39Dqg/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&aff=5&id=3415202737506256205&iocid=&oid=100&utm_campaign=&utm_medium=&utm_source=5 HTTP/1.1
Host: btm-btm-btm.lpages.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 01 Nov 2023 05:19:14 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache
x-cache: MISS, HIT
etag: W/"571c0abe3dd531a3a79a37901a257502"
last-modified: Fri, 21 Jul 2023 16:50:20 GMT
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br
X-Firefox-Spdy: h2

www.behindthemarkets-btm.com/7BZ2W/5XTBKP/?sub1=3415202737506256205

104.21.85.245

302 Found

97 kB

URL User Request GET HTTP/2
www.behindthemarkets-btm.com/7BZ2W/5XTBKP/?sub1=3415202737506256205
IP
104.21.85.245:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbehindthemarkets-btm.com
Fingerprint90:FD:E6:D2:26:0E:7C:0D:2B:34:E4:B8:E0:73:40:2A:56:2A:7E:DB
ValidityTue, 31 Oct 2023 11:19:13 GMT - Mon, 29 Jan 2024 11:19:12 GMT

File type

Size
97 kB (97379 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /7BZ2W/5XTBKP/?sub1=3415202737506256205 HTTP/1.1
Host: www.behindthemarkets-btm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 01 Nov 2023 05:19:12 GMT
content-type: text/html; charset=utf-8
location: https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
accept-ch: Sec-Ch-Ua-Platform-Version
set-cookie: uniqueClick_5XTBKP=5f7bf47c-0375-494f-8fc3-bbcb98dc6969:1698815951; Path=/; Expires=Thu, 02 Nov 2023 05:19:12 GMT; SameSite=None
transaction_id=6ba5b28a546e4ef888d4b72e979c947d; Path=/; Expires=Tue, 30 Jan 2024 05:19:12 GMT; SameSite=None
vary: Origin
x-eflow-request-id: 02f405f7-e981-4e42-a6fc-3d910d083ed9
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gaHiTBjX2YskvmBXqURg7mKZtoTTb%2BG2n%2FVOBPUANJGFmPXy0s1cflRYjGf7%2FjHrS%2BrxoO6EDR3utEI3jTj%2FjZnNPDg8D18bCReObip3s49DS4%2B3I9uvIAhHkrUCQKZ65aDEi8N50uvrrU7sJI5o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81f1ae738b660b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

lh3.googleusercontent.com/mV-NDRpEblU6YgLZNxo0oma4Wjk2nMckxLyJEB9pd7kFaJ7kJAyWOf3ABjLu0xKzwwtPgsjXv5uMHVKY_T4pVCJi-_5P-ypHBLWh=w1280

142.250.74.129

200 OK

34 kB

URL GET HTTP/2
lh3.googleusercontent.com/mV-NDRpEblU6YgLZNxo0oma4Wjk2nMckxLyJEB9pd7kFaJ7kJAyWOf3ABjLu0xKzwwtPgsjXv5uMHVKY_T4pVCJi-_5P-ypHBLWh=w1280
IP
142.250.74.129:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-king-kong-vsl/?_ef_transaction_id=6ba5b28a546e4ef888d4b72e979c947d&utm_source=5&utm_campaign=&utm_medium=&id=3415202737506256205&iocid=&aff=5&oid=100
Certificate
IssuerGoogle Trust Services LLC
Subject*.googleusercontent.com
Fingerprint5E:EF:C0:E1:67:C9:67:A3:95:36:92:94:58:17:E4:59:B6:C9:8E:E5
ValidityMon, 09 Oct 2023 08:11:06 GMT - Mon, 01 Jan 2024 08:11:05 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, description=hexagon concept design abstract technology background vector EPS10, software=Picasa], baseline, precision 8, 1280x768, components 3\012- data
Size
34 kB (33584 bytes)
Hash
d92dc882d1715e69a0980a3ea30a95f5
e46672bfb9f7985f8d815e1fff364aec329f0c86
8f89069558a2ad4c64ce302ac1f95dcf3f9534aa7826348f2534e76113763af3

HTTP Headers

GET /mV-NDRpEblU6YgLZNxo0oma4Wjk2nMckxLyJEB9pd7kFaJ7kJAyWOf3ABjLu0xKzwwtPgsjXv5uMHVKY_T4pVCJi-_5P-ypHBLWh=w1280 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 33584
x-xss-protection: 0
date: Wed, 01 Nov 2023 04:19:40 GMT
expires: Thu, 02 Nov 2023 04:19:40 GMT
cache-control: public, max-age=86400, no-transform
age: 3575
etag: "v1"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (33)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by