Report - click.traderconsul.com/btmlastretire1224/dff20e6a191da40e3d172cffea8fd36b/48/2705409033/139970/e5d60a434d0bc94736a87871f507f1a2/63511

Report Overview

Visited public
2025-03-14 00:17:25
Tags
URL
click.traderconsul.com/btmlastretire1224/dff20e6a191da40e3d172cffea8fd36b/48/2705409033/139970/e5d60a434d0bc94736a87871f507f1a2/63511
Finishing URL
go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
IP / ASN
104.21.80.1
#13335 CLOUDFLARENET
Title
BTM Last Retirement Stock Offer

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google-analytics.com	40	2005-07-18	2012-06-28	2025-03-09	1.8 kB	55 kB	216.58.207.206
region1.google-analytics.com	unknown	2005-07-18	2022-03-17	2025-03-09	1.2 kB	853 B	216.239.34.36
stats.g.doubleclick.net	96	1996-01-16	2012-07-01	2025-03-10	718 B	857 B	108.177.14.155
click.traderconsul.com	unknown	2021-11-23	2023-06-05	2025-02-05	601 B	9.2 kB	104.21.32.1
api.leadpages.io	33876	2014-09-17	2016-01-27	2025-03-13	4.3 kB	2.8 kB	35.192.151.63
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-12	2.8 kB	1.9 MB	142.250.74.72
static.leadpages.net	35995	2012-11-07	2016-05-28	2025-03-13	856 B	205 kB	34.107.203.240
go.behindthemarkets.com	815375	2017-03-30	2019-08-20	2025-03-10	2.7 kB	321 kB	35.202.21.90
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2025-03-12	2.5 kB	1.7 kB	216.239.34.36
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-03-12	1.1 kB	92 kB	142.250.74.74
btm-btm-btm.lpages.co	unknown	2017-03-15	2022-07-01	2025-03-10	737 B	96 kB	35.202.21.90
www.google.com	7	1997-09-15	2015-05-10	2025-03-12	880 B	574 B	216.58.207.228
js.center.io	39001	2011-09-13	2017-01-30	2025-03-13	2.0 kB	35 kB	216.239.34.21
verifiedlinks.org	unknown	2024-08-27	2024-09-05	2025-03-12	2.8 kB	14 kB	104.18.24.96
www.facebook.com	99	1997-03-29	2012-05-21	2025-03-12	1.8 kB	926 B	31.13.72.36
fast.vidalytics.com	218005	2007-05-15	2017-02-08	2025-03-09	6.3 kB	3.7 MB	205.234.175.175
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-03-12	4.5 kB	291 kB	142.250.74.163
stats.vidalytics.com	153185	2007-05-15	2017-02-08	2025-03-13	4.2 kB	3.7 kB	107.178.211.97
www.google.no	25607	2001-02-26	2012-06-26	2025-03-12	869 B	580 B	142.250.74.131
www.behindthemarkets-btm.com	848293	2021-03-09	2021-03-11	2025-03-10	535 B	129 kB	104.21.112.1
lh3.googleusercontent.com	66	2008-11-17	2012-05-22	2025-03-12	3.8 kB	183 kB	142.250.74.161
embed.lpcontent.net	50471	2020-06-17	2020-06-20	2025-03-07	442 B	43 kB	34.107.203.240
connect.facebook.net	139	2004-04-01	2012-05-22	2025-03-10	1.7 kB	348 kB	31.13.72.12

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-13	medium	verifiedlinks.org	Sinkholed
2025-03-13	medium	verifiedlinks.org	Sinkholed
2025-03-13	medium	verifiedlinks.org	Sinkholed
2025-03-13	medium	verifiedlinks.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (55)

	URL	From	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	ScriptElement	53 kB	2023-06-16	2025-03-15
Pretty URL www.google-analytics.com/analytics.js IP 216.58.207.206 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-16 11:16 Last Seen2025-03-15 01:24 Times Seen2101 Hash 575b5480531da4d14e7453e2016fe0bc e5c5f3134fe29e60b591c87ea85951f0aea36ee1 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	Eval	126 B	2023-03-08	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eval Embedded in HTML false Observations First Seen2023-03-08 02:09 Last Seen2025-03-15 02:23 Times Seen836 Hash 4fe7374212694d79957cd9a1bb8fdef2 010e231568ee9c1bd7f2460c5a79da7f557fcc9a 93a694caf72303625617cfe8edbe6444a43454c3e34613487a74188f783c1e58 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	447 B	2025-02-17	2025-03-14
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-17 13:42 Last Seen2025-03-14 01:49 Times Seen52 Hash 43056b2213e5442354844f3a51aaa57c 489f0577e1b0df18520ab19a1abe4947ff4d4cbd 32c420fb06a8ca98d464dbbecece346eb2ffb2dfbf46abf96326e7b1a0502705 Loading...

	js.center.io/center.js	ScriptElement	13 kB	2023-03-07	2025-03-15
Pretty URL js.center.io/center.js IP 216.239.34.21 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1069 Hash 60f05ff45d707fe36d87b75bf181800d e34d94b519ed465481596bcff099467feb0aafdd cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16585749727&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719	ScriptElement	316 kB	2025-03-13	2025-03-14
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16585749727&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-13 23:33 Last Seen2025-03-14 01:23 Times Seen8 Hash 151ca5cebba84a082d8d228cb363d367 9d4d1e699289796524da486d2aae55525d43eedf 6c65e44a39cd1124bd417e6d52ecf233090abb4e4b8b62d5f7fc920ebfbe46c2 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	Eval	92 B	2023-03-08	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eval Embedded in HTML false Observations First Seen2023-03-08 02:09 Last Seen2025-03-15 02:23 Times Seen816 Hash 70067a5e54adbe9d9567c09470b0a617 4a47e4781b5bac3cdd38247db3fb87c63336c31a ad86521431911b76d497d5ebf350060c89e901d2bed2ebfa8a0d7b751b96f860 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	EventHandler	16 B	2023-04-10	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-03-15 04:03 Times Seen51330 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	go.behindthemarkets.com/3f3e980e-0260-4d38-9ad7-6acfc188854d	ScriptElement	926 kB	2025-02-10	2025-03-14
Pretty URL go.behindthemarkets.com/3f3e980e-0260-4d38-9ad7-6acfc188854d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-10 06:15 Last Seen2025-03-14 01:49 Times Seen105 Hash 50b80c1fa68476f84a0b22612eefbb58 9e210772b3590cd7ebc7d081602f416cdf312a58 057f6daacaa51bdd09039283cae7bf109cbcc2d9282fae34f9041c1bf8164e45 Loading...

	fast.vidalytics.com/embeds/PzpZ_7KZ/UpH6WzzDuBAMmiKg/loader.min.js	ScriptElement	26 kB	2025-02-17	2025-03-14
Pretty URL fast.vidalytics.com/embeds/PzpZ_7KZ/UpH6WzzDuBAMmiKg/loader.min.js IP 205.234.175.175 ASN #30081 CACHENETWORKS Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-17 13:42 Last Seen2025-03-14 01:49 Times Seen52 Hash a5a161fb09ed979d2f18309008db416b fd3dcc2377c6bcf6d73121fb866168a5b70d7f13 7a3f68807c7c41786ce38577b4679191a54c6fe9ce002b624c265bb2e5efc6e7 Loading...

	js.center.io/center.js	ScriptElement	13 kB	2023-03-07	2025-03-15
Pretty URL js.center.io/center.js IP 216.239.34.21 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1069 Hash 60f05ff45d707fe36d87b75bf181800d e34d94b519ed465481596bcff099467feb0aafdd cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	314 B	2025-01-31	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-31 02:37 Last Seen2025-03-15 02:23 Times Seen342 Hash 7a4224698469eb91077ed0583a0d151c 7ffb9acc302f6bfb032b5772c8880f2b16c978fe 9330b3baeefe9dc60f05a2d6470fba00384aa4e06a493784e9a57e9ad7244fb9 Loading...

	connect.facebook.net/en_US/fbevents.js	ScriptElement	248 kB	2025-03-13	2025-03-14
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-13 20:20 Last Seen2025-03-14 18:40 Times Seen179 Hash bb1c1393731058927d584755de660d72 5529d50e8de66acbfa522f88eb6db7ef11b3fa23 c493191e77e3cc5e32178e85a1d89de39ac93ba13ccb801cca86cb9defe7db62 Loading...

	connect.facebook.net/signals/config/490765829848240?v=2.9.187&r=stable&domain=go.behindthemarkets.com&hme=9d6c2cc137748d003f279fac8d52b2defc993e1177ef802e0d5b230c72882031&ex_m=71%2C123%2C108%2C112%2C62%2C4%2C101%2C70%2C16%2C98%2C90%2C51%2C55%2C177%2C180%2C192%2C188%2C189%2C191%2C29%2C102%2C53%2C78%2C190%2C172%2C175%2C185%2C186%2C193%2C134%2C41%2C198%2C195%2C196%2C34%2C147%2C15%2C50%2C202%2C201%2C136%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C109%2C52%2C111%2C39%2C110%2C30%2C95%2C26%2C173%2C176%2C144%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C103%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C105%2C104%2C106%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C2%2C36%2C64%2C42%2C107%2C45%2C80%2C69%2C113%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C114	ScriptElement	91 kB	2025-03-13	2025-03-14
Pretty URL connect.facebook.net/signals/config/490765829848240?v=2.9.187&r=stable&domain=go.behindthemarkets.com&hme=9d6c2cc137748d003f279fac8d52b2defc993e1177ef802e0d5b230c72882031&ex_m=71%2C123%2C108%2C112%2C62%2C4%2C101%2C70%2C16%2C98%2C90%2C51%2C55%2C177%2C180%2C192%2C188%2C189%2C191%2C29%2C102%2C53%2C78%2C190%2C172%2C175%2C185%2C186%2C193%2C134%2C41%2C198%2C195%2C196%2C34%2C147%2C15%2C50%2C202%2C201%2C136%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C109%2C52%2C111%2C39%2C110%2C30%2C95%2C26%2C173%2C176%2C144%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C103%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C105%2C104%2C106%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C2%2C36%2C64%2C42%2C107%2C45%2C80%2C69%2C113%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C114 IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-13 20:20 Last Seen2025-03-14 01:49 Times Seen34 Hash 0a1cb0b89c4304f3ed51c52654171d10 469aa057fe64b6c73abd5b2795292936dd89b4d6 3f89892e8bebe37e652b44428a3b394db78ab9b68a3b9345e620339cb02888c5 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	515 B	2025-02-24	2025-03-14
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-24 07:21 Last Seen2025-03-14 01:49 Times Seen25 Hash f834f717c2b1bb23635740807209a55b d4ecc051574612adea5a0534f5b6fc73f3797905 bc7a711aefb2946c0d31093b8656c133a409dce7d6e2893eb551a9ddc26a27cd Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	414 B	2023-03-08	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:09 Last Seen2025-03-15 02:23 Times Seen835 Hash 0f1c1e338722cb680190732c4e8e3f3e de7e63cbcce170f77302100562443128f115ecbc ee29e0be4ce3b2f3bcfeddbb30b7594cc151657feba8d3760fb9835311116216 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX	ScriptElement	377 kB	2025-03-14	2025-03-14
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-14 00:17 Last Seen2025-03-14 01:34 Times Seen6 Hash f259f8b761ea1630db4d842c20bd23cf 42bf92127e40880eb42dbee3969953922a3e6d07 e62a6cee76275ab15078f1b4a7789d954c01e31a7f419232a78b9c084da197cc Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	1.1 kB	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1047 Hash f243709fadf6e072fd4fc43a139860e6 21692bdbc65edff8eca41e13d7036235f8ece36f 942275c3ece75f2592f4947d4e306a2a594de12dddd152ca13eafb747166a35c Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	2.9 kB	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1052 Hash a3faab281a519d4ece6839d53701c840 4d0935708bd081919188e521931ce14f3cc7c59e ae42a47bdc6093b78f0b62277fab3d311c56337621d945fbc3c68d3216fd4343 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	582 B	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1047 Hash 24959da5977b7558ff59cd5acdf88a1e 43c70045dc13d59dc973e90432261325421d8549 71e5a7aff94fa6fd0a971d99e54814a4131a061f2e361ffc73a5a6ef11d1062a Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	488 B	2024-10-31	2025-03-14
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-31 04:25 Last Seen2025-03-14 01:49 Times Seen106 Hash 2fa30ce2a86212778976ddbef12e659b b126b40d35bdb571ae27b1819ff087aacca8c7ff 39c657cf1dc6896c0262c339cf0f59dd68232950480fce17ab4481c589064f1b Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	917 B	2025-02-17	2025-03-14
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-17 13:42 Last Seen2025-03-14 01:49 Times Seen52 Hash 87fc51292a2f483dbf18ae2886e47ad4 d6b911bf3e160f071367fa05e157c1e75a1b6386 bc018840d484290554297320e0c4ce189a7c2962f0af4304e1c1aa4f03e9c515 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	Eval	130 B	2023-07-15	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eval Embedded in HTML false Observations First Seen2023-07-15 18:57 Last Seen2025-03-15 02:23 Times Seen346 Hash ed6513f751a5ac340c506433a8932e4d 2e9b4f77b90719e385fa5e1a6c64f1b64bb14c44 9be57bcecd8a6a38f5418f581494f966ff4fae4d54ec0b116c32ae3073083dca Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	443 B	2024-11-29	2025-03-14
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-29 15:17 Last Seen2025-03-14 01:49 Times Seen114 Hash 92ae19b3813a73236973c3b336a1aa0c a2613df95dd678d1bea013b27804afd554c5525f 2cb350ee0b676c9455fec58d8c046aaecec88de1fc1732c0352fd1cd0d50403e Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	2.9 kB	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1052 Hash a3faab281a519d4ece6839d53701c840 4d0935708bd081919188e521931ce14f3cc7c59e ae42a47bdc6093b78f0b62277fab3d311c56337621d945fbc3c68d3216fd4343 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	3.6 kB	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1036 Hash c164a88f770902ca8e62a5e399e32018 9d1ca269500112216a2b19d25b8c25440b2e89ba c53f0864a6382bf6866e66f734b2682161eb97cebed43234daf7ab086b4ca8c0 Loading...

	www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719	ScriptElement	454 kB	2025-03-14	2025-03-14
Pretty URL www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-14 00:17 Last Seen2025-03-14 00:17 Times Seen1 Hash 8af1fec3bb9fc4c36582fb0df19bdeb0 d1e0978a3ce20e764d0a1c83eb0c5ad6e24ae2ee 41b7ab7fc060c4fa4a17f99a9c414412d2df9e781fa599513e920718eaae7430 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	Eval	80 B	2023-03-08	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eval Embedded in HTML false Observations First Seen2023-03-08 02:09 Last Seen2025-03-15 02:23 Times Seen834 Hash 0a94139e4615771d6d97fb3d968225b2 ede8882cf509b54d78f9ae6d0983cb4466a633b6 ca0059abf25af68454df89030c51cb41e112e2fa58ebb0b2ffa85b3fc6fee883 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	7.1 kB	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1041 Hash 54fcbe8bf78f4a60f28e2cdb6e694d36 20b842db1ad9bd92eed8c854065b761a84f69e27 72ceea7d54bdaa348bf0f1e1545e148dd2e9c248a2ca70482f8b5f0047587b4f Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	582 B	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1047 Hash 24959da5977b7558ff59cd5acdf88a1e 43c70045dc13d59dc973e90432261325421d8549 71e5a7aff94fa6fd0a971d99e54814a4131a061f2e361ffc73a5a6ef11d1062a Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	7.1 kB	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1041 Hash 54fcbe8bf78f4a60f28e2cdb6e694d36 20b842db1ad9bd92eed8c854065b761a84f69e27 72ceea7d54bdaa348bf0f1e1545e148dd2e9c248a2ca70482f8b5f0047587b4f Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	2.5 kB	2024-05-15	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-15 04:42 Last Seen2025-03-15 02:23 Times Seen670 Hash 1a674379150089ed7e1089d74b81e9d5 ac7b5b707b5c3b9e34a32d48c5caa4fd8d4d93f0 b00a6c35856e18d14e28fbb5d44edef82a932d47d0b7bd670df25cec9e301991 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	1.1 kB	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1047 Hash f243709fadf6e072fd4fc43a139860e6 21692bdbc65edff8eca41e13d7036235f8ece36f 942275c3ece75f2592f4947d4e306a2a594de12dddd152ca13eafb747166a35c Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	2.5 kB	2024-05-15	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-15 04:42 Last Seen2025-03-15 02:23 Times Seen670 Hash 1a674379150089ed7e1089d74b81e9d5 ac7b5b707b5c3b9e34a32d48c5caa4fd8d4d93f0 b00a6c35856e18d14e28fbb5d44edef82a932d47d0b7bd670df25cec9e301991 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	5.4 kB	2023-05-15	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 23:35 Last Seen2025-03-15 02:23 Times Seen1018 Hash fc0b8de8bf07fe1f20ecbf76e15f87aa 57950c0b8f0f6768b595fd74ec115f032b03f9ed cf61f4a4f3c09feac95f312fe0115655571a65979b16e2c3468cd422a1ba0b8f Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	Eval	126 B	2023-03-08	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eval Embedded in HTML false Observations First Seen2023-03-08 02:09 Last Seen2025-03-15 02:23 Times Seen836 Hash 4fe7374212694d79957cd9a1bb8fdef2 010e231568ee9c1bd7f2460c5a79da7f557fcc9a 93a694caf72303625617cfe8edbe6444a43454c3e34613487a74188f783c1e58 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719	ScriptElement	312 kB	2025-03-13	2025-03-14
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-13 23:33 Last Seen2025-03-14 01:43 Times Seen4 Hash 1c07974f95f8d228b7e411bf3f81da7f 1bdb6caf82b430fd2fb8392e6e225966630dcffc 73969c78d8fe23f1b7fc9427d24bafa96c4901c2935c2f48c31fdc93c0244187 Loading...

	www.googletagmanager.com/gtag/js?id=AW-16670774721&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719	ScriptElement	401 kB	2025-03-14	2025-03-14
Pretty URL www.googletagmanager.com/gtag/js?id=AW-16670774721&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-14 00:17 Last Seen2025-03-14 00:17 Times Seen1 Hash fdf4d67eafbd7c20fb7746cab3c23356 1bbf92f19a62d75468e77dc0368bdb3f49273f28 365174bee9af375f5fccf552a9389f2c6a0df4979cc19a0c3fe04491af0c6531 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	3.6 kB	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1036 Hash c164a88f770902ca8e62a5e399e32018 9d1ca269500112216a2b19d25b8c25440b2e89ba c53f0864a6382bf6866e66f734b2682161eb97cebed43234daf7ab086b4ca8c0 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	5.4 kB	2023-05-15	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-15 23:35 Last Seen2025-03-15 02:23 Times Seen1018 Hash fc0b8de8bf07fe1f20ecbf76e15f87aa 57950c0b8f0f6768b595fd74ec115f032b03f9ed cf61f4a4f3c09feac95f312fe0115655571a65979b16e2c3468cd422a1ba0b8f Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	1.1 kB	2024-09-13	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-13 03:19 Last Seen2025-03-15 02:23 Times Seen436 Hash ee63f83edc78352ea0ddc35ce9ab661a 785a1a281f3a8db51fcc2dc9984c7148d716bbce e89f95c09a0653057c5c62d26bf3f77fded081028f8f1a32d59fe55b5c59e0ad Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	347 B	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1048 Hash 324d070d383d7e171663391494e4eaf1 147167b389b5672075f113a03583378a22149967 3dfd8ef986ba39418b44b6eeef78e69bb8d04e786e7479c37087cb70b4fa9c84 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	1.1 kB	2024-09-13	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-13 03:19 Last Seen2025-03-15 02:23 Times Seen436 Hash ee63f83edc78352ea0ddc35ce9ab661a 785a1a281f3a8db51fcc2dc9984c7148d716bbce e89f95c09a0653057c5c62d26bf3f77fded081028f8f1a32d59fe55b5c59e0ad Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	181 B	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:21 Last Seen2025-03-15 02:23 Times Seen1034 Hash 03c6f9076ca3a4dee82dff97b28e6e5f 34e14b9e6b7f1f25bacd50142f395e4409ca74f6 74b2d22da3e536e007235a166b47e5498591fef8dd5723ffedfbf5a89cd97aa6 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	Eval	65 B	2023-11-21	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eval Embedded in HTML false Observations First Seen2023-11-21 15:38 Last Seen2025-03-15 02:23 Times Seen792 Hash a434d8d70086c5b541cf953d46a6fcf9 651ac529314c0915b3d6f9af6dbf366d5e020ab6 bd79f3bace96866d957bfa99c34951689148707899756824ce4e9c0d1726ff37 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	1.8 kB	2024-07-09	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-09 02:22 Last Seen2025-03-15 02:23 Times Seen576 Hash 23028fc64e65f6dd3ac0611f94a5ce14 c7812c04a20d069f8ee1269f579e3dc19b5ab898 aa212692e64120cb4859c70d0baff0e3200c5f1b2e15e778adb1237c93d0a3d8 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	347 B	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen1048 Hash 324d070d383d7e171663391494e4eaf1 147167b389b5672075f113a03583378a22149967 3dfd8ef986ba39418b44b6eeef78e69bb8d04e786e7479c37087cb70b4fa9c84 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	181 B	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:21 Last Seen2025-03-15 02:23 Times Seen1034 Hash 03c6f9076ca3a4dee82dff97b28e6e5f 34e14b9e6b7f1f25bacd50142f395e4409ca74f6 74b2d22da3e536e007235a166b47e5498591fef8dd5723ffedfbf5a89cd97aa6 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	461 B	2023-03-08	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:09 Last Seen2025-03-15 02:23 Times Seen849 Hash e9565aa95958c3f427dd710f00d4a092 c596f2b7d288537ccac2c83942fe24643166ccea f36c51fc4c2bfd0402dc43fc85669439adc251635fa6db4600570b3766c07b99 Loading...

	embed.lpcontent.net/leadboxes/current/embed.js	ScriptElement	43 kB	2023-03-07	2025-03-15
Pretty URL embed.lpcontent.net/leadboxes/current/embed.js IP 34.107.203.240 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen947 Hash 7efcfabdb6209627ce8b016b1c4814eb f3b8ebfc5fe452333c0fa14b15b28567f30921b9 5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	EventHandler	16 B	2023-04-10	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-03-15 04:03 Times Seen51330 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	go.behindthemarkets.com/rt.js	ScriptElement	140 B	2025-03-14	2025-03-14
Pretty URL go.behindthemarkets.com/rt.js IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-14 00:17 Last Seen2025-03-14 00:17 Times Seen1 Hash 75a3a65a187b415a39155ddce6e8d5bd 5fe4ab0d2c160a736a8fc11b7fa47583d8b55332 993cc5aae212f80d3b8997aec265fb6bff0b89feea635083f034540360c074e4 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	889 B	2023-03-07	2025-03-15
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:21 Last Seen2025-03-15 02:23 Times Seen990 Hash e836a223299c66996d922f90cb0a7ed3 8bf67c5a1042829803fc04c4b047ec9f5482bf70 c77e92eba359ee71dbbc3d949be51ac51788cb30ef685ef643bf5c8961d7eff1 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	752 B	2025-02-17	2025-03-14
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-17 13:42 Last Seen2025-03-14 01:49 Times Seen52 Hash 51e871b12ef2b6fe3ceff7fd7f2d1209 64ceb2aa04dbea3f0964afc8f5ca8a7bad62a3e4 c307b076376b0addf26909dab18a86e8e101ba2638211ac3e92cbd56bdbe2642 Loading...

	btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5	ScriptElement	4.0 kB	2023-03-07	2025-03-15
Pretty URL btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:15 Last Seen2025-03-15 02:23 Times Seen856 Hash ab3f007f9ddbf0f4583e6002fec81753 64833abe13132a7220b56d21255b5c5a4e8a0c0f 44a8607238597f4d1d1c5bd6cce5f871b987105d969aa5d492e1f37e23aca407 Loading...

	go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=	ScriptElement	159 B	2025-02-17	2025-03-14
Pretty URL go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= IP 35.202.21.90 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-17 13:42 Last Seen2025-03-14 01:49 Times Seen47 Hash 927b9b612b812617a7eabbf1cd74e1d8 4232095f0a1ab3dbe5719c2a56fe7ce15de9e3a3 3ada34b395b272b05760affdfcc470df770435c4622c26a073fe11552487ef7a Loading...

HTTP Transactions (78)

URL IP Response Size

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/stream.m3u8

205.234.175.175

200 OK

604 B

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/stream.m3u8
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
M3U playlist, ASCII text, with very long lines (632), with no line terminators
Size
604 B (604 bytes)
Hash
a965c73dfb6e7c5ce862fa4ee21438b0
40cd17dc28a6e1a0c9defc706a4a4b93e2c80623
815e9b63fc1d7a41bd72369aadc6cb164985213808bab28ca4386507078feb1c

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/stream.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:10 GMT
content-type: application/vnd.apple.mpegurl
content-length: 604
x-cff: B
x-guploader-uploadid: AKDAyIuaRxbnbn0MSIgOQrpLcg8LaoALIeZLtea5kACX8NLuU_KwRlrh7coN4-ZY4htSgCSTRoTXmHsxH0eH
x-goog-generation: 1722257534547602
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 604
x-goog-hash: crc32c=Yi4Tiw==, md5=lsZasWvnTMKzsCHaHVWYfw==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
expires: Mon, 02 Mar 2026 16:07:11 GMT
cache-control: public, max-age=31104000
last-modified: Mon, 29 Jul 2024 12:52:14 GMT
etag: "96c65ab16be74cc2b3b021da1d55987f"
x-lb-backend: gcs-prod
x-lb-cache: revalidated
x-cf3: H
cf4age: 135533
x-cf-tsc: 1741802326
cf4ttl: 30968466.000
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: 41661c574603a0a9b718bc22c2a64527
accept-ranges: bytes
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=SSGuF662Wc8Hg9AFtJQZB6&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=109,239,1

35.192.151.63

200 OK

35 B

URL GET
api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=SSGuF662Wc8Hg9AFtJQZB6&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=109,239,1
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint96:E3:23:86:7F:F7:F1:E3:C7:DE:12:0B:DD:70:43:5E:FE:ED:29:58
ValidityFri, 17 Jan 2025 19:24:06 GMT - Thu, 17 Apr 2025 19:24:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.8.6&correlateBy=SSGuF662Wc8Hg9AFtJQZB6&origin=center-js&kind=timer,timer,counter&label=load-center,load-identify,ident-exists&value=109,239,1 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
Date: Fri, 14 Mar 2025 00:17:14 GMT
access-control-allow-origin: https://btm-btm-btm.lpages.co
access-control-expose-headers: LP-Security-Token
x-request-id: 02i095drt563b347561g
access-control-max-age: 600
access-control-allow-credentials: true
X-Forwarded-For: 109.169.118.111

lh3.googleusercontent.com/LcxC1scYCFZbqHn3lBkCC-fMjs5HH0AEBithj1thrrREDhQ8TDVkFFkQziHSsyBwn4RpH2-vxU-l2XezDhSULgZ8SjhENJUHgg=w16

142.250.74.161

200 OK

288 B

URL GET
lh3.googleusercontent.com/LcxC1scYCFZbqHn3lBkCC-fMjs5HH0AEBithj1thrrREDhQ8TDVkFFkQziHSsyBwn4RpH2-vxU-l2XezDhSULgZ8SjhENJUHgg=w16
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
PNG image data, 16 x 2, 8-bit/color RGB, non-interlaced
Size
288 B (288 bytes)
Hash
c3015587b5099390ac50b067273c92fa
e2c3b026c88953e02ed4609b219267c09f7655ab
bbf8912f6bc2371e64807b1cf7205710c5689297b8a9b855157813f38b90035d

HTTP Headers

GET /LcxC1scYCFZbqHn3lBkCC-fMjs5HH0AEBithj1thrrREDhQ8TDVkFFkQziHSsyBwn4RpH2-vxU-l2XezDhSULgZ8SjhENJUHgg=w16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 288
x-xss-protection: 0
date: Thu, 13 Mar 2025 20:29:46 GMT
expires: Fri, 14 Mar 2025 20:29:46 GMT
cache-control: public, max-age=86400, no-transform
age: 13641
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-16585749727&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719

142.250.74.72

200 OK

316 kB

URL GET
www.googletagmanager.com/gtag/js?id=AW-16585749727&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
316 kB (316231 bytes)
Hash
151ca5cebba84a082d8d228cb363d367
9d4d1e699289796524da486d2aae55525d43eedf
6c65e44a39cd1124bd417e6d52ecf233090abb4e4b8b62d5f7fc920ebfbe46c2

HTTP Headers

GET /gtag/js?id=AW-16585749727&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 14 Mar 2025 00:17:09 GMT
expires: Fri, 14 Mar 2025 00:17:09 GMT
cache-control: private, max-age=900
last-modified: Fri, 14 Mar 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 108615
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.center.io/identify.html

216.239.34.21

200 OK

4.4 kB

URL GET
js.center.io/identify.html
IP
216.239.34.21:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services
Subjectjs.center.io
Fingerprint48:67:92:8B:0B:9A:A7:42:7F:A6:B7:E1:60:6E:80:AB:3A:2B:9E:54
ValidityFri, 07 Feb 2025 08:26:28 GMT - Thu, 08 May 2025 09:18:00 GMT

File type
HTML document, ASCII text, with very long lines (4580), with no line terminators
Size
4.4 kB (4432 bytes)
Hash
dd3f28f59b3588a5565ac1762c05b783
9a2f893bfbeb4ac2e020a54eb38e51fad214376c
6bcffa59124c35fd0262b7892f8562fc2c00a7229d4e556efab74f3d0af8c1db

HTTP Headers

GET /identify.html HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Cookie: centerVisitorId=wQmAmvzzQT484RpunBpuLq
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-cloud-trace-context: 7bcb041f3c2279194d264df2e5a1981a
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Fri, 14 Mar 2025 00:13:03 GMT
expires: Fri, 14 Mar 2025 00:18:03 GMT
cache-control: public, max-age=300
age: 247
etag: "OMWYXg"
content-type: text/html
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_1280x720_2400000_variant.m3u8

205.234.175.175

200 OK

71 kB

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_1280x720_2400000_variant.m3u8
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
71 kB (70772 bytes)
Hash
7666c3c355501156aac1eaad0d2e6b1f
933b839a370d8ed19b0465abd02f44d62501706e
f076214aa87cd8c4cd0df63d6bc8c62444f4c29faac48e993dc3e13b93e52f73

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_1280x720_2400000_variant.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:10 GMT
content-type: application/vnd.apple.mpegurl
content-length: 70772
x-cff: B
x-guploader-uploadid: AHMx-iG0qplFtg9kgbdEKNfJbTE9CCkAVcuiG4oMzaWQ9g1Ki12qiOLn3xdN8_SVgDxEFr6e
x-goog-generation: 1722255554134078
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 70772
x-goog-hash: crc32c=7YGKng==, md5=dmbDw1VQEVaqweqtDS5rHw==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
expires: Tue, 17 Feb 2026 07:03:51 GMT
cache-control: public, max-age=31104000
last-modified: Mon, 29 Jul 2024 12:19:14 GMT
etag: "7666c3c355501156aac1eaad0d2e6b1f"
x-lb-backend: gcs-prod
x-lb-cache: revalidated
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cf3: H
cf4age: 24394
x-cf-tsc: 1740232226
cf4ttl: 31079606.000
x-cf-forcetr: 1
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: 2f8e6262c9ca098d60ac7590e399db42
accept-ranges: bytes
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/1280x720_h264_2400000/1.ts

205.234.175.175

200 OK

713 kB

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/1280x720_h264_2400000/1.ts
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
data
Size
713 kB (712896 bytes)
Hash
106240181777b85670d9370a296c585c
93f47c82652ee4ca0c241e0530edf6ced794c255
cf942839a0d8b57f4eda73d3ec842fd5cf48bbfecdfa6daaf5f71cfcfd3f4b0e

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/1280x720_h264_2400000/1.ts HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:10 GMT
content-type: video/mp2t
content-length: 712896
x-cff: B
x-guploader-uploadid: AHMx-iGAU-nt0PKnxHK7htKgYYlGvYgpvBrHNQK-HmYsYMYFop9cs4br0F3zX3tOeF16ow3UVeJ10MxnoS-Q
x-goog-generation: 1722255528684474
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 712896
x-goog-hash: crc32c=foJ9mA==, md5=EGJAGBd3uFZw2TcKKWxYXA==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
expires: Fri, 13 Feb 2026 21:04:18 GMT
cache-control: public, max-age=31104000
last-modified: Mon, 29 Jul 2024 12:18:48 GMT
etag: "106240181777b85670d9370a296c585c"
x-lb-backend: gcs-prod
x-lb-cache: hit
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cf3: H
cf4age: 0
x-cf-tsc: 1739916635
cf4ttl: 31104000.000
x-cf-forcetr: 1
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: a759e30a8c40c40466554bda2b86a31c
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/librebaskerville/v14/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2

142.250.74.163

200 OK

27 kB

URL GET
fonts.gstatic.com/s/librebaskerville/v14/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27120, version 1.0
Size
27 kB (27120 bytes)
Hash
43e7d3f1dec74478587a2b3cfa272631
c065f24ac428353854ebd6715c49966fc4f4c762
6c6c9c3fad669c3d32227f5cc3467735c8211ddcf4f8c184c2e62e7f3ef7af44

HTTP Headers

GET /s/librebaskerville/v14/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27120
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:22:35 GMT
expires: Fri, 13 Mar 2026 09:22:35 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 16:42:07 GMT
content-type: font/woff2
age: 53673
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fast.vidalytics.com/license?hash=UpH6WzzDuBAMmiKg%7Cgo.behindthemarkets.com

205.234.175.175

200 OK

79 B

URL GET
fast.vidalytics.com/license?hash=UpH6WzzDuBAMmiKg%7Cgo.behindthemarkets.com
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
79 B (79 bytes)
Hash
3dd6e788b7944f0231987c336baeda6a
eae550a92b5a2261329d632ea86ecaa774286c25
f8970538fb21602d94da641d0f734f01a4dd6572b2067af5c1241d0e79fddc84

HTTP Headers

GET /license?hash=UpH6WzzDuBAMmiKg%7Cgo.behindthemarkets.com HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:10 GMT
content-type: application/json; charset=utf-8
content-length: 79
x-cff: B
access-control-allow-origin: *
cache-control: public, max-age=300, s-maxage=300
x-envoy-upstream-service-time: 0
x-envoy-decorator-operation: vidalytics-player-api.vidalytics-player-api.svc.cluster.local:80/*
x-lb-backend: api-prod
surrogate-key: lb-api
x-lb-cache: disabled
x-cf3: H
cf4age: 1617
x-cf-tsc: 1741911431
cf4ttl: 0.000
x-cf-forcetr: 1
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: M
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: 19525ede03bcd5738e453b8e55fade34
accept-ranges: bytes
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
c3efe8346d884265db9dbb71aef7e61a
22c45c28d5447e51d470b4be05ab6a78c66c5f69
c14b9db4f637fcb570d2c827237ec2d5afa703e77d623a29386492316779d67e

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 5346
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Fri, 14 Mar 2025 00:17:11 GMT
content-length: 16
x-envoy-upstream-service-time: 2
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/640x360_h264_900000/2.ts

205.234.175.175

200 OK

417 kB

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/640x360_h264_900000/2.ts
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
data
Size
417 kB (417360 bytes)
Hash
229ad62e711db8ecb2d9dda8edf1be00
b9ab01fb08ed1e15f082f7a1fb3a7cb5fd291a6c
53f94e51cab6673cb006019c734aa7237bddeec005dfc02ec17f185f1923d032

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/640x360_h264_900000/2.ts HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:11 GMT
content-type: video/mp2t
content-length: 417360
x-cff: B
x-guploader-uploadid: AKDAyIupopDOA4ANLEfM0CHD3EpW1FwiXKucswU4xMZ3yfgPJTodFKDfWAaeibdJ6lb9zI88
cache-control: public, max-age=31104000
expires: Fri, 06 Mar 2026 05:37:26 GMT
last-modified: Mon, 29 Jul 2024 12:00:14 GMT
etag: "229ad62e711db8ecb2d9dda8edf1be00"
x-goog-generation: 1722254414804917
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 417360
x-goog-hash: crc32c=JYFj7A==, md5=IprWLnEduOyy2d2o7fG+AA==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
x-lb-backend: gcs-prod
x-lb-cache: miss
x-cf3: H
cf4age: 68907
x-cf-tsc: 1741898865
cf4ttl: 31035092.000
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: f19c7a41b5beded2592ddbf32220f32a
accept-ranges: bytes
X-Firefox-Spdy: h2

static.leadpages.net/fonts/font-awesome/6.4.2/css/all.min.css

34.107.203.240

200 OK

102 kB

URL GET
static.leadpages.net/fonts/font-awesome/6.4.2/css/all.min.css
IP
34.107.203.240:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subjectstatic.leadpages.net
Fingerprint65:AB:AA:D3:C4:5F:FA:1A:D0:4D:06:D8:CF:F1:24:42:CF:91:CD:12
ValidityFri, 24 Jan 2025 14:18:51 GMT - Thu, 24 Apr 2025 15:12:45 GMT

File type
ASCII text, with very long lines (52276)
Size
102 kB (102217 bytes)
Hash
5222e06b77a1692fa2520a219840e6be
8b4236206a8b86af3761a244277663046d7ff7ee
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

HTTP Headers

GET /fonts/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 1a1cf58181d2b7daa78bd85abc919eb1
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 26836
date: Tue, 11 Mar 2025 10:58:39 GMT
expires: Wed, 11 Mar 2026 10:58:39 GMT
cache-control: public, max-age=31536000
age: 220708
etag: "FG18Vw"
content-type: text/css
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/librebaskerville/v14/kmKiZrc3Hgbbcjq75U4uslyuy4kn0qviTgY3KcA.woff2

142.250.74.163

200 OK

28 kB

URL GET
fonts.gstatic.com/s/librebaskerville/v14/kmKiZrc3Hgbbcjq75U4uslyuy4kn0qviTgY3KcA.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27976, version 1.0
Size
28 kB (27976 bytes)
Hash
22907ce040431644b934b72a7c431a36
78863dfb62414fe1a73f64d7f7fbff63ebccb322
658cbf469e751ade6d30b701fc7ca00b3403329481955d30acb721ca38b45d99

HTTP Headers

GET /s/librebaskerville/v14/kmKiZrc3Hgbbcjq75U4uslyuy4kn0qviTgY3KcA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:39:07 GMT
expires: Fri, 13 Mar 2026 09:39:07 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 15:45:46 GMT
content-type: font/woff2
age: 52681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/LcxC1scYCFZbqHn3lBkCC-fMjs5HH0AEBithj1thrrREDhQ8TDVkFFkQziHSsyBwn4RpH2-vxU-l2XezDhSULgZ8SjhENJUHgg=w1064

142.250.74.161

200 OK

52 kB

URL GET
lh3.googleusercontent.com/LcxC1scYCFZbqHn3lBkCC-fMjs5HH0AEBithj1thrrREDhQ8TDVkFFkQziHSsyBwn4RpH2-vxU-l2XezDhSULgZ8SjhENJUHgg=w1064
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
PNG image data, 1064 x 166, 8-bit/color RGB, non-interlaced
Size
52 kB (51925 bytes)
Hash
3bab0d59caf3a9fffac7d6de8dd2bc8b
18d685622ee8cb7c20236dacf651e1e018ffe55a
ba937abbdf978ad6096588397b1b5f5f5c243360ef4d920b02652f85b7022d67

HTTP Headers

GET /LcxC1scYCFZbqHn3lBkCC-fMjs5HH0AEBithj1thrrREDhQ8TDVkFFkQziHSsyBwn4RpH2-vxU-l2XezDhSULgZ8SjhENJUHgg=w1064 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 51925
x-xss-protection: 0
date: Thu, 13 Mar 2025 20:29:47 GMT
expires: Fri, 14 Mar 2025 20:29:47 GMT
cache-control: public, max-age=86400, no-transform
age: 13641
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/1920x1080_h264_3500000/2.ts

205.234.175.175

200 OK

1.4 MB

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/1920x1080_h264_3500000/2.ts
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
data
Size
1.4 MB (1359804 bytes)
Hash
2686822cbce7bcb6c5ab5b357afd3a09
926bbb629ac09fd0cb599f6e4219b047e6e1bd49
f602b99737568312236758efa6781451af9d221513d22d808be230137045dfb6

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/ts/video/1920x1080_h264_3500000/2.ts HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:11 GMT
content-type: video/mp2t
content-length: 1359804
x-cff: B
x-guploader-uploadid: AHMx-iE2cmM0rkP-DDX8tmNyjUq6XYCQxJsSvcz6xghwAyHTP2_aQtQOsxmj0USkxfRFxRJOWyjNldVv8wmj
x-goog-generation: 1722257496092679
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1359804
x-goog-hash: crc32c=QBq/yg==, md5=JoaCLLznvLbFq1s1ev06CQ==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
expires: Sun, 15 Feb 2026 09:05:36 GMT
cache-control: public, max-age=31104000
last-modified: Mon, 29 Jul 2024 12:51:36 GMT
etag: "2686822cbce7bcb6c5ab5b357afd3a09"
x-lb-backend: gcs-prod
x-lb-cache: hit
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cf3: M
cf4age: 0
x-cf-tsc: 1740045177
cf4ttl: 31104000.000
x-cf-forcetr: 1
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: 2578db6a98385b2aaccff2a0580ee0f1
accept-ranges: bytes
X-Firefox-Spdy: h2

stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ&uid=xyTsaf67ohnZGfdu

107.178.211.97

200 OK

29 B

URL POST
stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ&uid=xyTsaf67ohnZGfdu
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
086c0d14b85fd5f926d9fdd3859e068f
63fcb9a993400e5b1cf2c6a148543cd24ffbac50
ca890889220e2a4b699b31aa015956dff3cbb27259cb44c29d1d6b4569df7b4c

HTTP Headers

POST /awesome-log?cid=PzpZ_7KZ&uid=xyTsaf67ohnZGfdu HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 317
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/json
date: Fri, 14 Mar 2025 00:17:13 GMT
content-length: 29
x-envoy-upstream-service-time: 2
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

lh3.googleusercontent.com/W_vRo2tNrVX1bAh6a2vHvwkN-SmBa9FS-pNZToMYTmh5ofJjywWyb6t2nJhjjaMcVosVP_9R5GwhffqAOJ6lTH33VJW6FzHT3m2i=w16

142.250.74.161

200 OK

226 B

URL GET
lh3.googleusercontent.com/W_vRo2tNrVX1bAh6a2vHvwkN-SmBa9FS-pNZToMYTmh5ofJjywWyb6t2nJhjjaMcVosVP_9R5GwhffqAOJ6lTH33VJW6FzHT3m2i=w16
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
PNG image data, 16 x 3, 8-bit/color RGB, non-interlaced
Size
226 B (226 bytes)
Hash
ece4cae91b1f404227957d7277e45330
674ac000b9bb6b4a7c7a702fc4f6694db7d8ddef
247ec6a64d5a6e8c0ffd4d8b731beb4d749298d530401f53bf33b7e59baabad7

HTTP Headers

GET /W_vRo2tNrVX1bAh6a2vHvwkN-SmBa9FS-pNZToMYTmh5ofJjywWyb6t2nJhjjaMcVosVP_9R5GwhffqAOJ6lTH33VJW6FzHT3m2i=w16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 226
x-xss-protection: 0
date: Thu, 13 Mar 2025 21:07:06 GMT
expires: Fri, 14 Mar 2025 21:07:06 GMT
cache-control: public, max-age=86400, no-transform
age: 11401
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/gkuzPxB1Sw3CaBEj0HFeNcmlbW8juInWOJXmoS8X08alVbv7CbVjXZp6FHRvWNoAM0kIV4T0uE74JEsKRjPgiZsf5p4RH7VGLhY=s16

142.250.74.161

200 OK

1.7 kB

URL GET
lh3.googleusercontent.com/gkuzPxB1Sw3CaBEj0HFeNcmlbW8juInWOJXmoS8X08alVbv7CbVjXZp6FHRvWNoAM0kIV4T0uE74JEsKRjPgiZsf5p4RH7VGLhY=s16
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, description=Business data and stock market analysis, currency exchange. Businessman analyzing financial graph, forex chart, economic growth, software=Picasa, copyright=TippaPatt], baseline, precision 8, 16x5, components 3
Size
1.7 kB (1673 bytes)
Hash
addf557c7e2fc77dc25a93740ca0e01b
1c37d0bf3aa23851aa0144f8685125ac58dcfd12
8b665ee635722c516921b3bb9212561a930039692408fbf5ecec33be62854699

HTTP Headers

GET /gkuzPxB1Sw3CaBEj0HFeNcmlbW8juInWOJXmoS8X08alVbv7CbVjXZp6FHRvWNoAM0kIV4T0uE74JEsKRjPgiZsf5p4RH7VGLhY=s16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 1673
x-xss-protection: 0
date: Thu, 13 Mar 2025 20:29:47 GMT
expires: Fri, 14 Mar 2025 20:29:47 GMT
cache-control: public, max-age=86400, no-transform
age: 13641
etag: "v1"
content-type: image/jpeg
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fast.vidalytics.com/players/v.5.2.2.001-vid-prod/player.min.js

205.234.175.175

200 OK

926 kB

URL GET
fast.vidalytics.com/players/v.5.2.2.001-vid-prod/player.min.js
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
926 kB (926305 bytes)
Hash
50b80c1fa68476f84a0b22612eefbb58
9e210772b3590cd7ebc7d081602f416cdf312a58
057f6daacaa51bdd09039283cae7bf109cbcc2d9282fae34f9041c1bf8164e45

HTTP Headers

GET /players/v.5.2.2.001-vid-prod/player.min.js HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:09 GMT
content-type: application/javascript
x-cff: B
x-guploader-uploadid: AHMx-iG5ZmbZ4gC8af43sHL86rV02hIzK41IRd_3M--b_YwikKe9nXpxReXePuiXDseUuLq_xA2F4cE
cache-control: public, max-age=86400, s-maxage=2592000
expires: Thu, 03 Apr 2025 03:32:58 GMT
last-modified: Thu, 06 Feb 2025 09:16:42 GMT
etag: W/"0b50b6d2c8a7a939b02b2bc6a49b4fbb"
vary: Accept-Encoding, Accept-Encoding
x-goog-generation: 1738833402194680
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 258836
x-goog-meta-release-tag: v.5.2.2.001-vid-prod
x-goog-meta-surrogate-key: player-versioned
x-goog-hash: crc32c=kD7HNw==, md5=C1C20sinqTmwKyvGpJtPuw==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
x-guploader-response-body-transformations: gunzipped
warning: 214 UploadServer gunzipped
x-lb-backend: gcs-prod
x-lb-cache: miss
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cf3: M
cf4age: 0
x-cf-tsc: 1741059179
cf4ttl: 2592000.000
x-cf-forcetr: 1
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: 1dee8db59b6768827b3a92848b6733a4
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:21:17 GMT
expires: Fri, 13 Mar 2026 09:21:17 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 53753
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/MYUsJcWKJT75eWFx/img/thumbnail/blob-66a43165be48a.jpg

205.234.175.175

403 Forbidden

0 B

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/MYUsJcWKJT75eWFx/img/thumbnail/blob-66a43165be48a.jpg
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /video/PzpZ_7KZ/MYUsJcWKJT75eWFx/img/thumbnail/blob-66a43165be48a.jpg HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 14 Mar 2025 00:17:11 GMT
content-type: application/xml; charset=UTF-8
content-length: 111
x-cff: B
access-control-allow-origin: *
expires: Fri, 14 Mar 2025 00:17:11 GMT
cache-control: private, max-age=0
accept-ranges: bytes
x-served-by: cache-dfw-kdfw8210133-DFW, cache-par-lfpb1150053-PAR
x-cache-hits: 0, 0
x-cf3: M
cf4age: 0
x-cf-tsc: 1741911431
cf4ttl: 10.000
x-cf-forcetr: 1
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: M
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: a073d2d012d2c141e656ade66f97cc8a
X-Firefox-Spdy: h2

stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ&uid=xyTsaf67ohnZGfdu

107.178.211.97

200 OK

0 B

URL OPTIONS
stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ&uid=xyTsaf67ohnZGfdu
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /awesome-log?cid=PzpZ_7KZ&uid=xyTsaf67ohnZGfdu HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://go.behindthemarkets.com
access-control-allow-methods: POST,GET,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Disposition,Content-Type,Origin,pragma,Range,X-Requested-With,X-File-Name,X-Filename
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
date: Fri, 14 Mar 2025 00:17:13 GMT
server: istio-envoy
X-Firefox-Spdy: h2

verifiedlinks.org/go?ehash=dff20e6a191da40e3d172cffea8fd36b&product=63634&ar=48&cid=139970&lid=e5d60a434d0bc94736a87871f507f1a2&slhash=63511&mtaid=[s7]&cid2=[s8]

104.18.24.96

302 Found

0 B

URL User Request GET
verifiedlinks.org/go?ehash=dff20e6a191da40e3d172cffea8fd36b&product=63634&ar=48&cid=139970&lid=e5d60a434d0bc94736a87871f507f1a2&slhash=63511&mtaid=[s7]&cid2=[s8]
IP
104.18.24.96:80
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /go?ehash=dff20e6a191da40e3d172cffea8fd36b&product=63634&ar=48&cid=139970&lid=e5d60a434d0bc94736a87871f507f1a2&slhash=63511&mtaid=[s7]&cid2=[s8] HTTP/1.1
Host: verifiedlinks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 14 Mar 2025 00:17:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://verifiedlinks.org/c/3415790118458813203
Vary: User-Agent
cf-cache-status: DYNAMIC
Set-Cookie: PHPSESSID=d9a6e2a27711e94ed2e28789d107c618; path=/
pixel_session_hash_63634=3415790118458813203; expires=Sun, 13-Apr-2025 00:17:03 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
bt_tracking_product_63634=b709c42a6d4d2d00114fc4d0f5b72ec6197c1ddb12025042007014c0f33f4bc0; expires=Sun, 16-Mar-2025 00:17:03 GMT; Max-Age=172800
__cf_bm=kk2ezBp9llKz8pT9uZi6PCz65nqHZ9y3GBopy8EyVMk-1741911423-1.0.1.1-FlWzHXVKvybth1heQKezVH1jo2s79U3wsp56YGLHe0pBOlO_dqPBwIQ5E..fnZ4f.WKqu8q5jId_jzjFtw0Qk6t_6R_Lh1L6e6EgmYJ.HVw; path=/; expires=Fri, 14-Mar-25 00:47:03 GMT; domain=.verifiedlinks.org; HttpOnly
Server: cloudflare
CF-RAY: 91ff95f809c55684-OSL

www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719

142.250.74.72

200 OK

312 kB

URL GET
www.googletagmanager.com/gtag/js?id=AW-16454845358&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
312 kB (311609 bytes)
Hash
1c07974f95f8d228b7e411bf3f81da7f
1bdb6caf82b430fd2fb8392e6e225966630dcffc
73969c78d8fe23f1b7fc9427d24bafa96c4901c2935c2f48c31fdc93c0244187

HTTP Headers

GET /gtag/js?id=AW-16454845358&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 14 Mar 2025 00:17:09 GMT
expires: Fri, 14 Mar 2025 00:17:09 GMT
cache-control: private, max-age=900
last-modified: Fri, 14 Mar 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 107310
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.leadpages.net/fonts/font-awesome/6.4.2/css/all.min.css

34.107.203.240

200 OK

102 kB

URL GET
static.leadpages.net/fonts/font-awesome/6.4.2/css/all.min.css
IP
34.107.203.240:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services
Subjectstatic.leadpages.net
Fingerprint65:AB:AA:D3:C4:5F:FA:1A:D0:4D:06:D8:CF:F1:24:42:CF:91:CD:12
ValidityFri, 24 Jan 2025 14:18:51 GMT - Thu, 24 Apr 2025 15:12:45 GMT

File type
ASCII text, with very long lines (52276)
Size
102 kB (102217 bytes)
Hash
5222e06b77a1692fa2520a219840e6be
8b4236206a8b86af3761a244277663046d7ff7ee
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

HTTP Headers

GET /fonts/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: static.leadpages.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 1a1cf58181d2b7daa78bd85abc919eb1
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 26836
date: Tue, 11 Mar 2025 10:58:39 GMT
expires: Wed, 11 Mar 2026 10:58:39 GMT
cache-control: public, max-age=31536000
age: 220711
etag: "FG18Vw"
content-type: text/css
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/W_vRo2tNrVX1bAh6a2vHvwkN-SmBa9FS-pNZToMYTmh5ofJjywWyb6t2nJhjjaMcVosVP_9R5GwhffqAOJ6lTH33VJW6FzHT3m2i=w700

142.250.74.161

200 OK

38 kB

URL GET
lh3.googleusercontent.com/W_vRo2tNrVX1bAh6a2vHvwkN-SmBa9FS-pNZToMYTmh5ofJjywWyb6t2nJhjjaMcVosVP_9R5GwhffqAOJ6lTH33VJW6FzHT3m2i=w700
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
PNG image data, 700 x 130, 8-bit/color RGBA, non-interlaced
Size
38 kB (38366 bytes)
Hash
f31eb0977a6a492cb837e6942def3b4b
127b4d33a567fd8d2b485acfa996ca7565efb2f0
4fc0af59275893e15158cb0f81acac2afaaa27e6a75cc58012f11d6877192f63

HTTP Headers

GET /W_vRo2tNrVX1bAh6a2vHvwkN-SmBa9FS-pNZToMYTmh5ofJjywWyb6t2nJhjjaMcVosVP_9R5GwhffqAOJ6lTH33VJW6FzHT3m2i=w700 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 38366
x-xss-protection: 0
date: Thu, 13 Mar 2025 20:29:47 GMT
expires: Fri, 14 Mar 2025 20:29:47 GMT
cache-control: public, max-age=86400, no-transform
age: 13641
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

216.58.207.206

200 OK

53 kB

URL GET
www.google-analytics.com/analytics.js
IP
216.58.207.206:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (2343)
Size
53 kB (52916 bytes)
Hash
575b5480531da4d14e7453e2016fe0bc
e5c5f3134fe29e60b591c87ea85951f0aea36ee1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:225:0
report-to: {"group":"ascnsrsgac:225:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
server: Golfe2
content-length: 20994
date: Thu, 13 Mar 2025 23:53:49 GMT
expires: Fri, 14 Mar 2025 01:53:49 GMT
cache-control: public, max-age=7200
age: 1400
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=490765829848240&ev=PageView&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rl=&if=false&ts=1741911429796&sw=1280&sh=1024&v=2.9.187&r=stable&ec=0&o=4126&fbp=fb.1.1741911429789.62831188551639737&cs_est=true&ler=empty&it=1741911429311&coo=false&rqm=GET

31.13.72.36

200 OK

0 B

URL GET
www.facebook.com/tr/?id=490765829848240&ev=PageView&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rl=&if=false&ts=1741911429796&sw=1280&sh=1024&v=2.9.187&r=stable&ec=0&o=4126&fbp=fb.1.1741911429789.62831188551639737&cs_est=true&ler=empty&it=1741911429311&coo=false&rqm=GET
IP
31.13.72.36:443
ASN
#32934 FACEBOOK

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerDigiCert Inc
Subject*.facebook.com
FingerprintAE:DB:11:61:EF:0F:07:55:62:1C:75:93:06:3C:29:74:82:D3:96:68
ValiditySat, 21 Dec 2024 00:00:00 GMT - Fri, 21 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=490765829848240&ev=PageView&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rl=&if=false&ts=1741911429796&sw=1280&sh=1024&v=2.9.187&r=stable&ec=0&o=4126&fbp=fb.1.1741911429789.62831188551639737&cs_est=true&ler=empty&it=1741911429311&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
x-fb-connection-quality: GOOD; q=0.7, rtt=65, rtx=0, c=10, mss=1248, tbw=3730, tp=-1, tpl=-1, uplat=0, ullat=0
alt-svc: h3=":443"; ma=86400
date: Fri, 14 Mar 2025 00:17:10 GMT
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
c3efe8346d884265db9dbb71aef7e61a
22c45c28d5447e51d470b4be05ab6a78c66c5f69
c14b9db4f637fcb570d2c827237ec2d5afa703e77d623a29386492316779d67e

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 528
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Fri, 14 Mar 2025 00:17:12 GMT
content-length: 16
x-envoy-upstream-service-time: 3
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/thumb/preview-5_0.jpg

205.234.175.175

200 OK

3.2 kB

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/thumb/preview-5_0.jpg
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 320x321, segment length 16, comment: "Lavc60.3.100", baseline, precision 8, 107x60, components 3
Size
3.2 kB (3241 bytes)
Hash
0fb3de7d1164f574c013570b4fc8bcec
061f2ce69fab8fe6f59d760a100f0dd059c7f3a7
845fdd8fcff65a02ccc82d1d1b024140513eb4640b1901d10452eda571630656

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/thumb/preview-5_0.jpg HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:09 GMT
content-type: image/jpeg
content-length: 3241
x-cff: B
x-guploader-uploadid: AKDAyItjLCLzbcoq1gqc3GhLYEwgyBlEvyTOoJyo81gMzvtZ33OxZgjAPEMzJnyfhkc8mltQxcoW4_jalQPA
cache-control: public, max-age=31104000
expires: Wed, 04 Mar 2026 13:57:13 GMT
last-modified: Mon, 29 Jul 2024 11:41:49 GMT
etag: "0fb3de7d1164f574c013570b4fc8bcec"
x-goog-generation: 1722253309915213
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3241
x-goog-hash: crc32c=MQhJhg==, md5=D7PefRFk9XTAE1cLT8i87A==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
x-lb-backend: gcs-prod
x-lb-cache: miss
x-cf3: H
cf4age: 135534
x-cf-tsc: 1741802326
cf4ttl: 30968466.000
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: c979edffb58b613d47b487adf6d0895f
accept-ranges: bytes
X-Firefox-Spdy: h2

go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/undefined/

35.202.21.90

404 Not Found

96 kB

URL GET
go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/undefined/
IP
35.202.21.90:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subjectgo.behindthemarkets.com
FingerprintFF:56:30:48:F8:1E:3F:00:F8:E2:33:09:C2:F5:BC:4D:0C:57:9C:ED
ValiditySun, 19 Jan 2025 14:16:28 GMT - Sat, 19 Apr 2025 14:16:27 GMT

File type

Size
96 kB (96287 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /btm-lrs-vsl-6-month-trial/undefined/ HTTP/1.1
Host: go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 14 Mar 2025 00:17:08 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache
server: Leadpages
content-encoding: br
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je53d0v874108444z8812088355za200zb812088355&_p=1741911428474&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=page_view&_fv=1&_ss=1&epn.variant_id=0&tfd=4302

216.239.34.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je53d0v874108444z8812088355za200zb812088355&_p=1741911428474&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=page_view&_fv=1&_ss=1&epn.variant_id=0&tfd=4302
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je53d0v874108444z8812088355za200zb812088355&_p=1741911428474&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=page_view&_fv=1&_ss=1&epn.variant_id=0&tfd=4302 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Fri, 14 Mar 2025 00:17:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:137:0
report-to: {"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
c3efe8346d884265db9dbb71aef7e61a
22c45c28d5447e51d470b4be05ab6a78c66c5f69
c14b9db4f637fcb570d2c827237ec2d5afa703e77d623a29386492316779d67e

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 527
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Fri, 14 Mar 2025 00:17:11 GMT
content-length: 16
x-envoy-upstream-service-time: 3
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

fonts.gstatic.com/s/alegreyasans/v25/5aUu9_-1phKLFgshYDvh6Vwt5eFIqEp2iw.woff2

142.250.74.163

200 OK

24 kB

URL GET
fonts.gstatic.com/s/alegreyasans/v25/5aUu9_-1phKLFgshYDvh6Vwt5eFIqEp2iw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24076, version 1.0
Size
24 kB (24076 bytes)
Hash
522eb06bc38ed6c2610ae87dd2e5acc0
57f0dc898ce06871303855356a9578e13d676f90
a41d23387ab51efbcf75c14cfb801c235b541a0668f9f882b3ff0fd0537f1628

HTTP Headers

GET /s/alegreyasans/v25/5aUu9_-1phKLFgshYDvh6Vwt5eFIqEp2iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24076
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:21:56 GMT
expires: Fri, 13 Mar 2026 09:21:56 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 27 Sep 2024 00:42:20 GMT
content-type: font/woff2
age: 53712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-93BFRYVMTZ&gtm=45be53d0v9192082519z8812088355za200zb812088355&_p=1741911428474&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102803278~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4043

216.239.34.36

204 No Content

0 B

URL POST
region1.google-analytics.com/g/collect?v=2&tid=G-93BFRYVMTZ&gtm=45be53d0v9192082519z8812088355za200zb812088355&_p=1741911428474&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102803278~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4043
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-93BFRYVMTZ&gtm=45be53d0v9192082519z8812088355za200zb812088355&_p=1741911428474&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102803278~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=1&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4043 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Fri, 14 Mar 2025 00:17:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:87:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:87:0
report-to: {"group":"ascnsrsggc:87:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:87:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stats.g.doubleclick.net/g/collect?v=2&tid=G-8R6YNFMJ23&cid=1034711592.1741911430&gtm=45je53d0v874108444z8812088355za200zb812088355&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719

108.177.14.155

204 No Content

0 B

URL POST
stats.g.doubleclick.net/g/collect?v=2&tid=G-8R6YNFMJ23&cid=1034711592.1741911430&gtm=45je53d0v874108444z8812088355za200zb812088355&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719
IP
108.177.14.155:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint11:69:7A:60:FE:92:7B:5B:B1:4B:44:D7:D4:C8:E4:64:61:C9:D8:54
ValidityWed, 26 Feb 2025 15:33:01 GMT - Wed, 21 May 2025 15:33:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8R6YNFMJ23&cid=1034711592.1741911430&gtm=45je53d0v874108444z8812088355za200zb812088355&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Fri, 14 Mar 2025 00:17:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:112:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:112:0
report-to: {"group":"ascnsrsggc:112:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:112:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_1920x1080_3500000_variant.m3u8

205.234.175.175

200 OK

72 kB

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_1920x1080_3500000_variant.m3u8
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
72 kB (72031 bytes)
Hash
de13ea9d2e9a0ef4dfbab7c469a047a9
593b065802ef14c1d03b96c03c4556d149f25ce3
d918489a7d43101273b1fe6c550ea4d4e88f037556d74aa85132043a1021f2d0

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_1920x1080_3500000_variant.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:11 GMT
content-type: application/vnd.apple.mpegurl
content-length: 72031
x-cff: B
x-guploader-uploadid: AHMx-iHWToL_dItHCxzVYIBN-M4CkTeE7kpLgz6hf4gfpMqFE6KU0UNbgHTcgAm4gWKiJJsLfrijUVw
x-goog-generation: 1722257530933287
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72031
x-goog-hash: crc32c=imLIdA==, md5=3hPqnS6aDvTfurfEaaBHqQ==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
expires: Fri, 13 Feb 2026 10:00:31 GMT
cache-control: public, max-age=31104000
last-modified: Mon, 29 Jul 2024 12:52:10 GMT
etag: "de13ea9d2e9a0ef4dfbab7c469a047a9"
x-lb-backend: gcs-prod
x-lb-cache: revalidated
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cf3: H
cf4age: 43803
x-cf-tsc: 1739916635
cf4ttl: 31060196.000
x-cf-forcetr: 1
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: ad93bd247cd32416e89047650db00b6c
accept-ranges: bytes
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=2e3hMRFLgFSQ5KQBnYdBFd&kind=timer&label=lb_embed_leadbox_load&value=1127

35.192.151.63

200 OK

35 B

URL GET
api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=2e3hMRFLgFSQ5KQBnYdBFd&kind=timer&label=lb_embed_leadbox_load&value=1127
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint96:E3:23:86:7F:F7:F1:E3:C7:DE:12:0B:DD:70:43:5E:FE:ED:29:58
ValidityFri, 17 Jan 2025 19:24:06 GMT - Thu, 17 Apr 2025 19:24:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=2e3hMRFLgFSQ5KQBnYdBFd&kind=timer&label=lb_embed_leadbox_load&value=1127 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
x-request-id: 02i094aj7sd425ffg0a0
Server: Stargate
Date: Fri, 14 Mar 2025 00:17:11 GMT
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 600
X-Forwarded-For: 109.169.118.111

embed.lpcontent.net/leadboxes/current/embed.js

34.107.203.240

200 OK

43 kB

URL GET
embed.lpcontent.net/leadboxes/current/embed.js
IP
34.107.203.240:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subjectembed.lpcontent.net
Fingerprint5B:D6:DD:E3:A7:D5:3F:11:95:93:81:3E:39:6B:43:67:F6:EC:6E:63
ValidityWed, 12 Mar 2025 17:09:24 GMT - Tue, 10 Jun 2025 18:03:37 GMT

File type
JavaScript source, ASCII text, with very long lines (30758)
Size
43 kB (42811 bytes)
Hash
7efcfabdb6209627ce8b016b1c4814eb
f3b8ebfc5fe452333c0fa14b15b28567f30921b9
5590f038f87169772f0bb512d942481838ac73230926fb92c4ff8db9a19b2296

HTTP Headers

GET /leadboxes/current/embed.js HTTP/1.1
Host: embed.lpcontent.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
x-cloud-trace-context: 4cb449982a7285617c6d83157baf474f
content-encoding: gzip
server: Google Frontend
via: 1.1 google
content-length: 14811
date: Fri, 14 Mar 2025 00:17:08 GMT
expires: Fri, 14 Mar 2025 00:22:08 GMT
cache-control: public, max-age=300
etag: "FG18Vw"
content-type: application/javascript
vary: Accept-Encoding
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

verifiedlinks.org/favicon.ico

104.18.24.96

200 OK

1.9 kB

URL GET
verifiedlinks.org/favicon.ico
IP
104.18.24.96:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifiedlinks.org/c/3415790118458813203
Certificate
IssuerGoogle Trust Services
Subjectverifiedlinks.org
Fingerprint3B:DD:7F:E7:1B:15:74:6E:9A:DD:86:1D:77:58:03:C6:7C:D4:6B:4E
ValidityThu, 20 Feb 2025 17:32:01 GMT - Wed, 21 May 2025 18:31:45 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.9 kB (1857 bytes)
Hash
72408223bd3692c3754f9e29f98aec6f
b522b36b810aa31f0c5a9af2ba340a4df00aac12
d5aa2cf55e379566e6d50e661748d8c6882776e3329d5920aa0ca374d38b84cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: verifiedlinks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifiedlinks.org/c/3415790118458813203
Cookie: __cf_bm=rocoSAnIeS8mnmxpgtVXTB4pm8ylraNiXAbvSanm4F8-1741911422-1.0.1.1-Kl2o9B7Ye4C0GEamQzXzLiwgvt6yNz02B6ZbRGQlOPbdKeIzl7Rxcyj8npPUq9S_yInWokRBaPnvUaRETC4ud3LQGRTuIyOeSVa2XwKC1wU; PHPSESSID=d9a6e2a27711e94ed2e28789d107c618; bt_tracking_product_63634=b709c42a6d4d2d00114fc4d0f5b72ec6197c1ddb12025042007014c0f33f4bc0; pixel_session_hash_63634=3415790118458813203
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:04 GMT
content-type: image/x-icon
content-length: 1880
last-modified: Tue, 05 May 2020 11:51:58 GMT
cache-control: public, max-age=2592000
expires: Sun, 13 Apr 2025 00:17:04 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cf-cache-status: HIT
age: 1953393
accept-ranges: bytes
server: cloudflare
cf-ray: 91ff96049b5056ba-OSL
X-Firefox-Spdy: h2

go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=

35.202.21.90

200 OK

127 kB

URL User Request GET
go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
IP
35.202.21.90:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerLet's Encrypt
Subjectgo.behindthemarkets.com
FingerprintFF:56:30:48:F8:1E:3F:00:F8:E2:33:09:C2:F5:BC:4D:0C:57:9C:ED
ValiditySun, 19 Jan 2025 14:16:28 GMT - Sat, 19 Apr 2025 14:16:27 GMT

File type

Size
127 kB (127268 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id= HTTP/1.1
Host: go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:06 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache
x-cache: MISS, HIT
etag: W/"07012e379f53a708206d7a88dd8018ec"
last-modified: Tue, 18 Feb 2025 20:39:38 GMT
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br
X-Firefox-Spdy: h2

go.behindthemarkets.com/rt.js

35.202.21.90

200 OK

140 B

URL GET
go.behindthemarkets.com/rt.js
IP
35.202.21.90:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subjectgo.behindthemarkets.com
FingerprintFF:56:30:48:F8:1E:3F:00:F8:E2:33:09:C2:F5:BC:4D:0C:57:9C:ED
ValiditySun, 19 Jan 2025 14:16:28 GMT - Sat, 19 Apr 2025 14:16:27 GMT

File type
ASCII text, with no line terminators
Size
140 B (140 bytes)
Hash
75a3a65a187b415a39155ddce6e8d5bd
5fe4ab0d2c160a736a8fc11b7fa47583d8b55332
993cc5aae212f80d3b8997aec265fb6bff0b89feea635083f034540360c074e4

HTTP Headers

GET /rt.js HTTP/1.1
Host: go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:07 GMT
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server: Leadpages
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

fast.vidalytics.com/embeds/PzpZ_7KZ/UpH6WzzDuBAMmiKg/loader.min.js

205.234.175.175

200 OK

26 kB

URL GET
fast.vidalytics.com/embeds/PzpZ_7KZ/UpH6WzzDuBAMmiKg/loader.min.js
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26483), with no line terminators
Size
26 kB (26483 bytes)
Hash
a5a161fb09ed979d2f18309008db416b
fd3dcc2377c6bcf6d73121fb866168a5b70d7f13
7a3f68807c7c41786ce38577b4679191a54c6fe9ce002b624c265bb2e5efc6e7

HTTP Headers

GET /embeds/PzpZ_7KZ/UpH6WzzDuBAMmiKg/loader.min.js HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:09 GMT
content-type: application/javascript
vary: Accept-Encoding
x-cff: B
cache-control: public, max-age=600, s-maxage=86400, stale-while-revalidate=3600
x-envoy-upstream-service-time: 77
x-envoy-decorator-operation: vidalytics-player-api.vidalytics-player-api.svc.cluster.local:80/*
x-lb-backend: api-prod
access-control-allow-origin: *
surrogate-key: lb-api
x-lb-cache: disabled
x-cf3: H
cf4age: 14570
x-cf-tsc: 1741898863
cf4ttl: 71829.594
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1738933273:cacheN.arn1-01:B
x-cf-reqid: f626998205373dd67fa7eed2fce44f20
content-encoding: gzip
X-Firefox-Spdy: h2

go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/undefined

35.202.21.90

302 Found

96 kB

URL GET
go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/undefined
IP
35.202.21.90:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subjectgo.behindthemarkets.com
FingerprintFF:56:30:48:F8:1E:3F:00:F8:E2:33:09:C2:F5:BC:4D:0C:57:9C:ED
ValiditySun, 19 Jan 2025 14:16:28 GMT - Sat, 19 Apr 2025 14:16:27 GMT

File type

Size
96 kB (96287 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /btm-lrs-vsl-6-month-trial/undefined HTTP/1.1
Host: go.behindthemarkets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 14 Mar 2025 00:17:08 GMT
content-type: text/html
content-length: 142
location: https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/undefined/
server: Leadpages
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/alegreyasans/v25/5aUz9_-1phKLFgshYDvh6Vwt7VptvQ.woff2

142.250.74.163

200 OK

24 kB

URL GET
fonts.gstatic.com/s/alegreyasans/v25/5aUz9_-1phKLFgshYDvh6Vwt7VptvQ.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23788, version 1.0
Size
24 kB (23788 bytes)
Hash
bd0ca9709b22761897b83e2c2cb06a6d
89f76282aa8444a9a93a20a8e9b38fe3876126fd
efc0ba5184e11b9496b0263a1051f778bb1a77c74705a604b9fbd9d58dcffcbb

HTTP Headers

GET /s/alegreyasans/v25/5aUz9_-1phKLFgshYDvh6Vwt7VptvQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23788
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:18:57 GMT
expires: Fri, 13 Mar 2026 09:18:57 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 27 Sep 2024 00:43:23 GMT
content-type: font/woff2
age: 53891
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719

142.250.74.72

200 OK

454 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (15266)
Size
454 kB (453804 bytes)
Hash
8af1fec3bb9fc4c36582fb0df19bdeb0
d1e0978a3ce20e764d0a1c83eb0c5ad6e24ae2ee
41b7ab7fc060c4fa4a17f99a9c414412d2df9e781fa599513e920718eaae7430

HTTP Headers

GET /gtag/js?id=G-8R6YNFMJ23&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 14 Mar 2025 00:17:09 GMT
expires: Fri, 14 Mar 2025 00:17:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 143639
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

click.traderconsul.com/btmlastretire1224/dff20e6a191da40e3d172cffea8fd36b/48/2705409033/139970/e5d60a434d0bc94736a87871f507f1a2/63511

104.21.32.1

302 Found

8.2 kB

URL User Request GET
click.traderconsul.com/btmlastretire1224/dff20e6a191da40e3d172cffea8fd36b/48/2705409033/139970/e5d60a434d0bc94736a87871f507f1a2/63511
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttraderconsul.com
Fingerprint8D:4A:82:8D:8E:75:4C:9B:8B:53:B7:E3:84:C9:C6:CB:DE:77:F0:AF
ValidityThu, 30 Jan 2025 08:20:39 GMT - Wed, 30 Apr 2025 09:18:27 GMT

File type

Size
8.2 kB (8166 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /btmlastretire1224/dff20e6a191da40e3d172cffea8fd36b/48/2705409033/139970/e5d60a434d0bc94736a87871f507f1a2/63511 HTTP/1.1
Host: click.traderconsul.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 14 Mar 2025 00:17:01 GMT
content-type: text/html; charset=UTF-8
location: https://verifiedlinks.org/go?ehash=dff20e6a191da40e3d172cffea8fd36b&product=63634&ar=48&cid=139970&lid=e5d60a434d0bc94736a87871f507f1a2&slhash=63511&mtaid=[s7]&cid2=[s8]
cache-control: max-age=600
expires: Fri, 14 Mar 2025 00:27:00 GMT
vary: User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qwueJQEk8vrshlM4m2pipnYK%2Fb6F0rY0G2DtGVNJ49K2oVNZcU%2BioslcC%2Fa45mKpXa6WwiS%2BXHZpnJTgGqyrWLp1C907n%2BMKEXpfykuojZayhIegeH3ka9oyqOTKCbnjSv8uSJBOvORa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91ff95eea864712d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=58544&min_rtt=57970&rtt_var=17440&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3268&recv_bytes=1342&delivery_rate=59247&cwnd=253&unsent_bytes=0&cid=e6109eeffbb6bfe4&ts=734&x=0"
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=JwVArgR8ZMxAnegc9eXdRk&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=wQmAmvzzQT484RpunBpuLq&sid=5TMswpJxhuZB6hug8PV88m&cid=lp-JwVArgR8ZMxAnegc9eXdRk&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rf=&rx=1280&ry=1024&tz=%2B00%3A00

35.192.151.63

200 OK

35 B

URL GET
api.leadpages.io/analytics/v1/events/capture?k=view&a=leadpage&l=JwVArgR8ZMxAnegc9eXdRk&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=wQmAmvzzQT484RpunBpuLq&sid=5TMswpJxhuZB6hug8PV88m&cid=lp-JwVArgR8ZMxAnegc9eXdRk&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rf=&rx=1280&ry=1024&tz=%2B00%3A00
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint96:E3:23:86:7F:F7:F1:E3:C7:DE:12:0B:DD:70:43:5E:FE:ED:29:58
ValidityFri, 17 Jan 2025 19:24:06 GMT - Thu, 17 Apr 2025 19:24:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/events/capture?k=view&a=leadpage&l=JwVArgR8ZMxAnegc9eXdRk&v=&e=&st=&lc=en-US&pid=bb4wMKcXKB896PwqF4vMVT-default-prop&uid=wQmAmvzzQT484RpunBpuLq&sid=5TMswpJxhuZB6hug8PV88m&cid=lp-JwVArgR8ZMxAnegc9eXdRk&uri=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rf=&rx=1280&ry=1024&tz=%2B00%3A00 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
Date: Fri, 14 Mar 2025 00:17:10 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
access-control-max-age: 600
x-request-id: 02i094bno33kfrdea480
set-cookie: view.bb4wMKcXKB896PwqF4vMVT-default-prop.JwVArgR8ZMxAnegc9eXdRk=1741911430000; Domain=api.leadpages.io; expires=Sat, 15 Mar 2025 00:17:10 GMT; HttpOnly; Max-Age=86400; Path=/analytics/v1/events/capture; SameSite=None; Secure
access-control-allow-credentials: true
X-Forwarded-For: 109.169.118.111

js.center.io/center.js

216.239.34.21

200 OK

13 kB

URL GET
js.center.io/center.js
IP
216.239.34.21:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services
Subjectjs.center.io
Fingerprint48:67:92:8B:0B:9A:A7:42:7F:A6:B7:E1:60:6E:80:AB:3A:2B:9E:54
ValidityFri, 07 Feb 2025 08:26:28 GMT - Thu, 08 May 2025 09:18:00 GMT

File type
JavaScript source, ASCII text, with very long lines (566)
Size
13 kB (12555 bytes)
Hash
60f05ff45d707fe36d87b75bf181800d
e34d94b519ed465481596bcff099467feb0aafdd
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

HTTP Headers

GET /center.js HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Cookie: centerVisitorId=wQmAmvzzQT484RpunBpuLq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-cloud-trace-context: 037ec10ac6bc430e8005d084090fa61a
content-encoding: gzip
server: Google Frontend
content-length: 5417
date: Fri, 14 Mar 2025 00:15:15 GMT
expires: Fri, 14 Mar 2025 00:20:15 GMT
cache-control: public, max-age=300
age: 115
etag: "OMWYXg"
content-type: application/javascript
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=vohhuy2Qn63SPxasw5ck8D&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=424,450,1,927

35.192.151.63

200 OK

35 B

URL GET
api.leadpages.io/analytics/v1/observations/capture?version=1.8.6&correlateBy=vohhuy2Qn63SPxasw5ck8D&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=424,450,1,927
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint96:E3:23:86:7F:F7:F1:E3:C7:DE:12:0B:DD:70:43:5E:FE:ED:29:58
ValidityFri, 17 Jan 2025 19:24:06 GMT - Thu, 17 Apr 2025 19:24:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.8.6&correlateBy=vohhuy2Qn63SPxasw5ck8D&origin=center-js&kind=timer,timer,counter,timer&label=load-center,load-identify,ident-new,send-events&value=424,450,1,927 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
Date: Fri, 14 Mar 2025 00:17:14 GMT
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: LP-Security-Token
x-request-id: 02i095gctvi9mjdu7in0
access-control-max-age: 600
access-control-allow-credentials: true
X-Forwarded-For: 109.169.118.111

connect.facebook.net/signals/config/490765829848240?v=2.9.187&r=stable&domain=go.behindthemarkets.com&hme=9d6c2cc137748d003f279fac8d52b2defc993e1177ef802e0d5b230c72882031&ex_m=71%2C123%2C108%2C112%2C62%2C4%2C101%2C70%2C16%2C98%2C90%2C51%2C55%2C177%2C180%2C192%2C188%2C189%2C191%2C29%2C102%2C53%2C78%2C190%2C172%2C175%2C185%2C186%2C193%2C134%2C41%2C198%2C195%2C196%2C34%2C147%2C15%2C50%2C202%2C201%2C136%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C109%2C52%2C111%2C39%2C110%2C30%2C95%2C26%2C173%2C176%2C144%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C103%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C105%2C104%2C106%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C2%2C36%2C64%2C42%2C107%2C45%2C80%2C69%2C113%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C114

31.13.72.12

200 OK

91 kB

URL GET
connect.facebook.net/signals/config/490765829848240?v=2.9.187&r=stable&domain=go.behindthemarkets.com&hme=9d6c2cc137748d003f279fac8d52b2defc993e1177ef802e0d5b230c72882031&ex_m=71%2C123%2C108%2C112%2C62%2C4%2C101%2C70%2C16%2C98%2C90%2C51%2C55%2C177%2C180%2C192%2C188%2C189%2C191%2C29%2C102%2C53%2C78%2C190%2C172%2C175%2C185%2C186%2C193%2C134%2C41%2C198%2C195%2C196%2C34%2C147%2C15%2C50%2C202%2C201%2C136%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C109%2C52%2C111%2C39%2C110%2C30%2C95%2C26%2C173%2C176%2C144%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C103%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C105%2C104%2C106%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C2%2C36%2C64%2C42%2C107%2C45%2C80%2C69%2C113%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C114
IP
31.13.72.12:443
ASN
#32934 FACEBOOK

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerDigiCert Inc
Subject*.facebook.com
FingerprintAE:DB:11:61:EF:0F:07:55:62:1C:75:93:06:3C:29:74:82:D3:96:68
ValiditySat, 21 Dec 2024 00:00:00 GMT - Fri, 21 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5594)
Size
91 kB (91239 bytes)
Hash
0a1cb0b89c4304f3ed51c52654171d10
469aa057fe64b6c73abd5b2795292936dd89b4d6
3f89892e8bebe37e652b44428a3b394db78ab9b68a3b9345e620339cb02888c5

HTTP Headers

GET /signals/config/490765829848240?v=2.9.187&r=stable&domain=go.behindthemarkets.com&hme=9d6c2cc137748d003f279fac8d52b2defc993e1177ef802e0d5b230c72882031&ex_m=71%2C123%2C108%2C112%2C62%2C4%2C101%2C70%2C16%2C98%2C90%2C51%2C55%2C177%2C180%2C192%2C188%2C189%2C191%2C29%2C102%2C53%2C78%2C190%2C172%2C175%2C185%2C186%2C193%2C134%2C41%2C198%2C195%2C196%2C34%2C147%2C15%2C50%2C202%2C201%2C136%2C18%2C40%2C1%2C43%2C66%2C67%2C68%2C72%2C94%2C17%2C14%2C97%2C93%2C92%2C109%2C52%2C111%2C39%2C110%2C30%2C95%2C26%2C173%2C176%2C144%2C87%2C57%2C85%2C33%2C74%2C0%2C96%2C32%2C28%2C83%2C84%2C89%2C47%2C46%2C88%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C58%2C63%2C65%2C76%2C54%2C103%2C27%2C77%2C9%2C8%2C81%2C48%2C21%2C105%2C104%2C106%2C99%2C10%2C20%2C3%2C38%2C75%2C19%2C5%2C91%2C82%2C44%2C35%2C86%2C2%2C36%2C64%2C42%2C107%2C45%2C80%2C69%2C113%2C61%2C60%2C31%2C100%2C59%2C56%2C49%2C79%2C73%2C24%2C114 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src 'self' blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;script-src 'nonce-d7qech6J' *.facebook.com *.fbcdn.net *.facebook.net blob: data: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com;font-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;img-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;media-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;child-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;frame-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;manifest-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;object-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;worker-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?1
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: JSpIvwkDnSzw6PReTJAj+dhg0REIdRCecQbIhnY9PWL7XvcHKmL76YMmlmcPKXJS5s6ZmFeJS/pZAfwOiUeh4Q==
date: Fri, 14 Mar 2025 00:17:09 GMT
x-fb-connection-quality: GOOD; q=0.7, rtt=69, rtx=0, c=70, mss=1248, tbw=70359, tp=-1, tpl=-1, uplat=110, ullat=0
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Libre+Baskerville:300,400,500,700|Alegreya+Sans:300,400,500,700|Open+Sans:300,400,500,700

142.250.74.74

200 OK

66 kB

URL GET
fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Libre+Baskerville:300,400,500,700|Alegreya+Sans:300,400,500,700|Open+Sans:300,400,500,700
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (1572)
Size
66 kB (65806 bytes)
Hash
6c89c7e5deacb2f0d71a071e6c9efdb2
954f62ebccb5cb40743831b8c19b4778e3996276
fa73b2cd190270b721ee9b27c83797b64d369d17ed5fe1b7b824202aed59591e

HTTP Headers

GET /css?family=Roboto:300,400,500,700|Roboto+Condensed:300,400,500,700|Libre+Baskerville:300,400,500,700|Alegreya+Sans:300,400,500,700|Open+Sans:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 14 Mar 2025 00:17:07 GMT
date: Fri, 14 Mar 2025 00:17:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX

142.250.74.72

200 OK

377 kB

URL GET
www.googletagmanager.com/gtm.js?id=GTM-WNRH3TX
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (14132)
Size
377 kB (377315 bytes)
Hash
f259f8b761ea1630db4d842c20bd23cf
42bf92127e40880eb42dbee3969953922a3e6d07
e62a6cee76275ab15078f1b4a7789d954c01e31a7f419232a78b9c084da197cc

HTTP Headers

GET /gtm.js?id=GTM-WNRH3TX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 14 Mar 2025 00:17:08 GMT
expires: Fri, 14 Mar 2025 00:17:08 GMT
cache-control: private, max-age=900
last-modified: Fri, 14 Mar 2025 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1262:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1262:0
report-to: {"group":"ascgcycc:1262:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1262:0"}],}
server: Google Tag Manager
content-length: 124472
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.163

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:19:19 GMT
expires: Fri, 13 Mar 2026 09:19:19 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
age: 53869
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=490765829848240&ev=Lead&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rl=&if=false&ts=1741911429803&sw=1280&sh=1024&v=2.9.187&r=stable&ec=1&o=4126&fbp=fb.1.1741911429789.62831188551639737&ler=empty&it=1741911429311&coo=false&rqm=GET

31.13.72.36

200 OK

0 B

URL GET
www.facebook.com/tr/?id=490765829848240&ev=Lead&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rl=&if=false&ts=1741911429803&sw=1280&sh=1024&v=2.9.187&r=stable&ec=1&o=4126&fbp=fb.1.1741911429789.62831188551639737&ler=empty&it=1741911429311&coo=false&rqm=GET
IP
31.13.72.36:443
ASN
#32934 FACEBOOK

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerDigiCert Inc
Subject*.facebook.com
FingerprintAE:DB:11:61:EF:0F:07:55:62:1C:75:93:06:3C:29:74:82:D3:96:68
ValiditySat, 21 Dec 2024 00:00:00 GMT - Fri, 21 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=490765829848240&ev=Lead&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&rl=&if=false&ts=1741911429803&sw=1280&sh=1024&v=2.9.187&r=stable&ec=1&o=4126&fbp=fb.1.1741911429789.62831188551639737&ler=empty&it=1741911429311&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
x-fb-connection-quality: GOOD; q=0.7, rtt=65, rtx=0, c=10, mss=1248, tbw=3381, tp=-1, tpl=-1, uplat=0, ullat=0
alt-svc: h3=":443"; ma=86400
date: Fri, 14 Mar 2025 00:17:10 GMT
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700

142.250.74.74

200 OK

25 kB

URL GET
fonts.googleapis.com/css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintF1:11:17:AF:9C:89:34:EE:D5:CB:84:40:84:EA:01:19:A9:F6:ED:C2
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
ASCII text, with very long lines (1572)
Size
25 kB (24669 bytes)
Hash
89f85eb6acc128ea75ac274b7fed9fde
5bec90ce47fad2491fae3828c333df748b5290a6
fc84833f14386b46fe499b08ddd5e4c6bddab59777770d84d3aace5a1e14e7f1

HTTP Headers

GET /css?family=Open+Sans:300,400,500,700|Fjalla+One:300,400,500,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://btm-btm-btm.lpages.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 14 Mar 2025 00:17:10 GMT
date: Fri, 14 Mar 2025 00:17:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:21:17 GMT
expires: Fri, 13 Mar 2026 09:21:17 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
age: 53753
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

verifiedlinks.org/c/3415790118458813203

104.18.24.96

200 OK

0 B

URL User Request GET
verifiedlinks.org/c/3415790118458813203
IP
104.18.24.96:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectverifiedlinks.org
Fingerprint3B:DD:7F:E7:1B:15:74:6E:9A:DD:86:1D:77:58:03:C6:7C:D4:6B:4E
ValidityThu, 20 Feb 2025 17:32:01 GMT - Wed, 21 May 2025 18:31:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c/3415790118458813203 HTTP/1.1
Host: verifiedlinks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=rocoSAnIeS8mnmxpgtVXTB4pm8ylraNiXAbvSanm4F8-1741911422-1.0.1.1-Kl2o9B7Ye4C0GEamQzXzLiwgvt6yNz02B6ZbRGQlOPbdKeIzl7Rxcyj8npPUq9S_yInWokRBaPnvUaRETC4ud3LQGRTuIyOeSVa2XwKC1wU; PHPSESSID=d9a6e2a27711e94ed2e28789d107c618; bt_tracking_product_63634=b709c42a6d4d2d00114fc4d0f5b72ec6197c1ddb12025042007014c0f33f4bc0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:04 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI ADM DEV PSAi NAV OUR STP IND DEM"
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
refresh: 1; url=https://www.behindthemarkets-btm.com/7BZ2W/GPMNT6/?sub1=3415790118458813203
vary: Accept-Encoding,User-Agent
set-cookie: pixel_session_hash_63634=3415790118458813203; expires=Tue, 13-May-2025 00:17:04 GMT; Max-Age=5184000; path=/
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91ff9600188356ba-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=1034711592.1741911430&gtm=45je53d0v874108444z8812088355za200zb812088355&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&z=1846333363

142.250.74.131

200 OK

42 B

URL GET
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=1034711592.1741911430&gtm=45je53d0v874108444z8812088355za200zb812088355&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&z=1846333363
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google.no
Fingerprint26:B7:26:CB:C6:A9:06:E9:C0:85:18:1A:20:54:87:E3:8B:35:EC:7C
ValidityWed, 26 Feb 2025 15:35:45 GMT - Wed, 21 May 2025 15:35:44 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8R6YNFMJ23&cid=1034711592.1741911430&gtm=45je53d0v874108444z8812088355za200zb812088355&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&z=1846333363 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 14 Mar 2025 00:17:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.behindthemarkets-btm.com/7BZ2W/GPMNT6/?sub1=3415790118458813203

104.21.112.1

302 Found

127 kB

URL User Request GET
www.behindthemarkets-btm.com/7BZ2W/GPMNT6/?sub1=3415790118458813203
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbehindthemarkets-btm.com
Fingerprint13:E4:44:A0:4B:D1:E0:1D:E1:79:88:03:9D:F6:ED:5B:4B:4B:85:2A
ValidityFri, 14 Feb 2025 23:29:28 GMT - Fri, 16 May 2025 00:26:43 GMT

File type

Size
127 kB (127268 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /7BZ2W/GPMNT6/?sub1=3415790118458813203 HTTP/1.1
Host: www.behindthemarkets-btm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 14 Mar 2025 00:17:06 GMT
content-type: text/html; charset=utf-8
location: https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
set-cookie: uniqueClick_GPMNT6=ce47da46-ff5d-47a0-ba0a-94d1cc19b5ac:1741911426; Path=/; Expires=Sat, 15 Mar 2025 00:17:06 GMT; Secure; SameSite=None
transaction_id=6a6358780b904f4cb51a193baf5a4ee3; Path=/; Expires=Thu, 12 Jun 2025 00:17:06 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 571770b8-cdcc-4aa4-a7d9-86c0fed4ffc9
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WPtAXDbMQTE1pPdiln5mKBbKgGGtZs5ma1ngXPJk%2B1BX4J4zP%2BIsQ4T4ZCLiVS%2BvPn%2BQPI42dez7fgFsLReRU7AdvlqrAUzwsYzD0t2acw9CDofERPFZFYzujn3mZa7jS1JP1kaKRAE40FjJOVGu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91ff960c5b570afe-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=62502&min_rtt=58486&rtt_var=17691&sent=7&recv=9&lost=0&retrans=0&sent_bytes=3213&recv_bytes=1164&delivery_rate=63981&cwnd=253&unsent_bytes=0&cid=f06294342f8820b8&ts=260&x=0"
X-Firefox-Spdy: h2

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

248 kB

URL GET
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:443
ASN
#32934 FACEBOOK

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerDigiCert Inc
Subject*.facebook.com
FingerprintAE:DB:11:61:EF:0F:07:55:62:1C:75:93:06:3C:29:74:82:D3:96:68
ValiditySat, 21 Dec 2024 00:00:00 GMT - Fri, 21 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9516)
Size
248 kB (247651 bytes)
Hash
bb1c1393731058927d584755de660d72
5529d50e8de66acbfa522f88eb6db7ef11b3fa23
c493191e77e3cc5e32178e85a1d89de39ac93ba13ccb801cca86cb9defe7db62

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-security-policy: default-src 'self' blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;script-src 'nonce-XN9eiWew' *.facebook.com *.fbcdn.net *.facebook.net blob: data: 'self';style-src 'self' data: blob: 'unsafe-inline';connect-src 'self' data: blob: *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com;font-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;img-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;media-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;child-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;frame-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;manifest-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;object-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;worker-src 'self' data: blob: facebook.net *.facebook.net facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?1
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: oauRQzNDYjbB6VGLodTmvk+5VmVkI1IE3JHbAhlr+gclMWm67yjvoOIzqXqdPFWbB9K4DM3ZG9HXEoz5Nfy8/Q==
content-length: 63014
date: Fri, 14 Mar 2025 00:17:09 GMT
x-fb-connection-quality: GOOD; q=0.7, rtt=64, rtx=0, c=13, mss=1248, tbw=3707, tp=-1, tpl=-1, uplat=0, ullat=-1
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5

35.202.21.90

200 OK

95 kB

URL GET
btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
IP
35.202.21.90:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subject*.lpages.co
FingerprintEF:D0:15:DA:8B:C7:12:AA:26:91:02:02:A3:A9:FE:C8:B0:03:18:E9
ValidityFri, 17 Jan 2025 19:11:44 GMT - Thu, 17 Apr 2025 19:11:43 GMT

File type

Size
95 kB (95307 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5 HTTP/1.1
Host: btm-btm-btm.lpages.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:09 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: no-cache
x-cache: MISS, HIT
last-modified: Mon, 06 Jan 2025 19:16:39 GMT
etag: W/"dfb08e5b7c4351d8e0f14eeab24ae03d"
server: Leadpages
strict-transport-security: max-age=15768000
content-encoding: br
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=2e3hMRFLgFSQ5KQBnYdBFd&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=1212,1,7QeXmQnVq74mQmAvAdBbt4

35.192.151.63

200 OK

35 B

URL GET
api.leadpages.io/analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=2e3hMRFLgFSQ5KQBnYdBFd&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=1212,1,7QeXmQnVq74mQmAvAdBbt4
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint96:E3:23:86:7F:F7:F1:E3:C7:DE:12:0B:DD:70:43:5E:FE:ED:29:58
ValidityFri, 17 Jan 2025 19:24:06 GMT - Thu, 17 Apr 2025 19:24:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?origin=&version=1.2.2&correlateBy=2e3hMRFLgFSQ5KQBnYdBFd&kind=timer,counter,text&label=lb_embed_embed_script_load,lb_embed_exit-intent_tigger_queue,lb_embed_leadbox_embedded&value=1212,1,7QeXmQnVq74mQmAvAdBbt4 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
x-request-id: 02i0942fj6no0ejn4ts0
Server: Stargate
Date: Fri, 14 Mar 2025 00:17:10 GMT
access-control-expose-headers: LP-Security-Token
access-control-allow-credentials: true
access-control-allow-origin: https://go.behindthemarkets.com
access-control-max-age: 600
X-Forwarded-For: 109.169.118.111

stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ

107.178.211.97

200 OK

43 B

URL GET
stats.vidalytics.com/awesome-log?cid=PzpZ_7KZ
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
57f187c7a868faeac558007a8eb6cb2e
11ab10ab109fdb53d91d444ac781101f5a6360c6
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

HTTP Headers

GET /awesome-log?cid=PzpZ_7KZ HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-headers: Accept, Content-Type, Origin, Range, X-Requested-With
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
cache-control: no-cache, public, max-age=2592000
content-length: 43
content-type: image/gif
etag: "PzpZ_7KZ/xyTsaf67ohnZGfdu"
date: Fri, 14 Mar 2025 00:17:11 GMT
x-envoy-upstream-service-time: 3
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
X-Firefox-Spdy: h2

api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=107,586,376,1072,0,1162,2375,2383,5491,5492

35.192.151.63

200 OK

35 B

URL GET
api.leadpages.io/analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=107,586,376,1072,0,1162,2375,2383,5491,5492
IP
35.192.151.63:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerLet's Encrypt
Subject*.leadpages.io
Fingerprint96:E3:23:86:7F:F7:F1:E3:C7:DE:12:0B:DD:70:43:5E:FE:ED:29:58
ValidityFri, 17 Jan 2025 19:24:06 GMT - Thu, 17 Apr 2025 19:24:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /analytics/v1/observations/capture?version=1.7.13&origin=page-speed&kind=timer,timer,timer,timer,timer,timer,timer,timer,timer,timer&label=domain-lookup,connect,request,ttfb,response,loading,interactive,content-loaded,complete,load&value=107,586,376,1072,0,1162,2375,2383,5491,5492 HTTP/1.1
Host: api.leadpages.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Server: Stargate
Date: Fri, 14 Mar 2025 00:17:11 GMT
x-request-id: 02i094oq2jk29tppr3g0
access-control-allow-credentials: true
access-control-expose-headers: LP-Security-Token
X-Forwarded-For: 109.169.118.111

verifiedlinks.org/go?ehash=dff20e6a191da40e3d172cffea8fd36b&product=63634&ar=48&cid=139970&lid=e5d60a434d0bc94736a87871f507f1a2&slhash=63511&mtaid=[s7]&cid2=[s8]

104.18.24.96

403 Forbidden

8.2 kB

URL User Request GET
verifiedlinks.org/go?ehash=dff20e6a191da40e3d172cffea8fd36b&product=63634&ar=48&cid=139970&lid=e5d60a434d0bc94736a87871f507f1a2&slhash=63511&mtaid=[s7]&cid2=[s8]
IP
104.18.24.96:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectverifiedlinks.org
Fingerprint3B:DD:7F:E7:1B:15:74:6E:9A:DD:86:1D:77:58:03:C6:7C:D4:6B:4E
ValidityThu, 20 Feb 2025 17:32:01 GMT - Wed, 21 May 2025 18:31:45 GMT

File type
HTML document, ASCII text, with very long lines (8217), with no line terminators
Size
8.2 kB (8166 bytes)
Hash
6e65d5f5d3b3a1f118dad2079873c6b7
93b6f18bdfae6aea89fef627a101f53906d1ca2c
91f8d2470d228a35dc31aed52be64564b571cca62eb74cd80d93eca3a0d1f6a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /go?ehash=dff20e6a191da40e3d172cffea8fd36b&product=63634&ar=48&cid=139970&lid=e5d60a434d0bc94736a87871f507f1a2&slhash=63511&mtaid=[s7]&cid2=[s8] HTTP/1.1
Host: verifiedlinks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 14 Mar 2025 00:17:02 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cf-mitigated: challenge
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server-timing: chlray;desc="91ff95f4fa2a56ba"
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-chl-out: pFg018Chx815rYEOxPzN2b8CrL6zmX7dIaqAimaIB7SyBGAD6jx0cmLkCFfPt9O/NEYhtI6HvfCGEx6d/J4tJVuY+S1vNifS+PRLRlG46kBmPVsIm+m95Bvcv1x1DiyFkfYi1ZM6MSxHUHSq2AnlDw==$npzNNh2yTZ0s06GG5f8I5Q==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
set-cookie: __cf_bm=rocoSAnIeS8mnmxpgtVXTB4pm8ylraNiXAbvSanm4F8-1741911422-1.0.1.1-Kl2o9B7Ye4C0GEamQzXzLiwgvt6yNz02B6ZbRGQlOPbdKeIzl7Rxcyj8npPUq9S_yInWokRBaPnvUaRETC4ud3LQGRTuIyOeSVa2XwKC1wU; path=/; expires=Fri, 14-Mar-25 00:47:02 GMT; domain=.verifiedlinks.org; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 91ff95f4fa2a56ba-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

js.center.io/identify.html

216.239.34.21

200 OK

4.4 kB

URL GET
js.center.io/identify.html
IP
216.239.34.21:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subjectjs.center.io
Fingerprint48:67:92:8B:0B:9A:A7:42:7F:A6:B7:E1:60:6E:80:AB:3A:2B:9E:54
ValidityFri, 07 Feb 2025 08:26:28 GMT - Thu, 08 May 2025 09:18:00 GMT

File type
HTML document, ASCII text, with very long lines (4580), with no line terminators
Size
4.4 kB (4432 bytes)
Hash
dd3f28f59b3588a5565ac1762c05b783
9a2f893bfbeb4ac2e020a54eb38e51fad214376c
6bcffa59124c35fd0262b7892f8562fc2c00a7229d4e556efab74f3d0af8c1db

HTTP Headers

GET /identify.html HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-cloud-trace-context: 7bcb041f3c2279194d264df2e5a1981a
content-encoding: gzip
server: Google Frontend
content-length: 2016
date: Fri, 14 Mar 2025 00:13:03 GMT
expires: Fri, 14 Mar 2025 00:18:03 GMT
cache-control: public, max-age=300
age: 246
etag: "OMWYXg"
content-type: text/html
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j101&a=1528074723&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&ul=en-us&de=UTF-8&dt=BTM%20Last%20Retirement%20Stock%20Offer&sd=24-bit&sr=1280x1024&vp=1280x1024&je=0&_u=YADAAEABAAAAACAAI~&jid=427621916&gjid=672928644&cid=1034711592.1741911430&tid=UA-102395123-1&_gid=1655972628.1741911430&_r=1&_slc=1&gtm=45He53d0n81WNRH3TXv812088355za200&cd1=5&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&npa=1&z=1749083505

216.58.207.206

200 OK

3 B

URL POST
www.google-analytics.com/j/collect?v=1&_v=j101&a=1528074723&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&ul=en-us&de=UTF-8&dt=BTM%20Last%20Retirement%20Stock%20Offer&sd=24-bit&sr=1280x1024&vp=1280x1024&je=0&_u=YADAAEABAAAAACAAI~&jid=427621916&gjid=672928644&cid=1034711592.1741911430&tid=UA-102395123-1&_gid=1655972628.1741911430&_r=1&_slc=1&gtm=45He53d0n81WNRH3TXv812088355za200&cd1=5&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&npa=1&z=1749083505
IP
216.58.207.206:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
ASCII text, with no line terminators
Size
3 B (3 bytes)
Hash
dec002daa3f9abe33f5ab1a61ba58e91
b286614a767c86a75059fb1d4557be706e7c3812
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

HTTP Headers

POST /j/collect?v=1&_v=j101&a=1528074723&t=pageview&_s=1&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&ul=en-us&de=UTF-8&dt=BTM%20Last%20Retirement%20Stock%20Offer&sd=24-bit&sr=1280x1024&vp=1280x1024&je=0&_u=YADAAEABAAAAACAAI~&jid=427621916&gjid=672928644&cid=1034711592.1741911430&tid=UA-102395123-1&_gid=1655972628.1741911430&_r=1&_slc=1&gtm=45He53d0n81WNRH3TXv812088355za200&cd1=5&cd3=false&cd4=false&cd5=false&cd6=false&cd7=false&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&npa=1&z=1749083505 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://go.behindthemarkets.com
date: Fri, 14 Mar 2025 00:17:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgac:175:0
report-to: {"group":"ascnsrsgac:175:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
server: Golfe2
content-length: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.center.io/center.js

216.239.34.21

200 OK

13 kB

URL GET
js.center.io/center.js
IP
216.239.34.21:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subjectjs.center.io
Fingerprint48:67:92:8B:0B:9A:A7:42:7F:A6:B7:E1:60:6E:80:AB:3A:2B:9E:54
ValidityFri, 07 Feb 2025 08:26:28 GMT - Thu, 08 May 2025 09:18:00 GMT

File type
JavaScript source, ASCII text, with very long lines (566)
Size
13 kB (12555 bytes)
Hash
60f05ff45d707fe36d87b75bf181800d
e34d94b519ed465481596bcff099467feb0aafdd
cc08eb3316359de0d8f025efee489da73ca552209a0c9cab6b00894d7fa21d42

HTTP Headers

GET /center.js HTTP/1.1
Host: js.center.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-cloud-trace-context: ce7720afeba061af2942aca525cb0da4
content-encoding: gzip
server: Google Frontend
content-length: 5417
date: Fri, 14 Mar 2025 00:13:32 GMT
expires: Fri, 14 Mar 2025 00:18:32 GMT
cache-control: public, max-age=300
age: 216
etag: "OMWYXg"
content-type: application/javascript
X-Firefox-Spdy: h2

lh3.googleusercontent.com/gkuzPxB1Sw3CaBEj0HFeNcmlbW8juInWOJXmoS8X08alVbv7CbVjXZp6FHRvWNoAM0kIV4T0uE74JEsKRjPgiZsf5p4RH7VGLhY=w1280

142.250.74.161

200 OK

87 kB

URL GET
lh3.googleusercontent.com/gkuzPxB1Sw3CaBEj0HFeNcmlbW8juInWOJXmoS8X08alVbv7CbVjXZp6FHRvWNoAM0kIV4T0uE74JEsKRjPgiZsf5p4RH7VGLhY=w1280
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=4, description=Business data and stock market analysis, currency exchange. Businessman analyzing financial graph, forex chart, economic growth, software=Picasa, copyright=TippaPatt], baseline, precision 8, 1280x424, components 3
Size
87 kB (86558 bytes)
Hash
888cc306c2c502da9d8d3041e37795d0
ebdf7e9e395ee5724b314f0d00882f968299aeab
b07f87174190dc351de0d6aac5f29c618af1d0cbac8956cf48c1e8b7b3d30eb8

HTTP Headers

GET /gkuzPxB1Sw3CaBEj0HFeNcmlbW8juInWOJXmoS8X08alVbv7CbVjXZp6FHRvWNoAM0kIV4T0uE74JEsKRjPgiZsf5p4RH7VGLhY=w1280 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 86558
x-xss-protection: 0
date: Thu, 13 Mar 2025 20:29:47 GMT
expires: Fri, 14 Mar 2025 20:29:47 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
content-type: image/jpeg
vary: Origin
age: 13641
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-16670774721&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719

142.250.74.72

200 OK

401 kB

URL GET
www.googletagmanager.com/gtag/js?id=AW-16670774721&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
401 kB (400977 bytes)
Hash
fdf4d67eafbd7c20fb7746cab3c23356
1bbf92f19a62d75468e77dc0368bdb3f49273f28
365174bee9af375f5fccf552a9389f2c6a0df4979cc19a0c3fe04491af0c6531

HTTP Headers

GET /gtag/js?id=AW-16670774721&l=dataLayer&cx=c&gtm=45He53d0v812088355za200&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 14 Mar 2025 00:17:09 GMT
expires: Fri, 14 Mar 2025 00:17:09 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 132464
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
c3efe8346d884265db9dbb71aef7e61a
22c45c28d5447e51d470b4be05ab6a78c66c5f69
c14b9db4f637fcb570d2c827237ec2d5afa703e77d623a29386492316779d67e

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 484
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Fri, 14 Mar 2025 00:17:12 GMT
content-length: 16
x-envoy-upstream-service-time: 1
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je53d0v874108444z8812088355za200zb812088355&_p=1741911428474&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=1034711592.1741911430.&upn.variant_id=0&upn.experiment_id=0&tfd=9393

216.239.34.36

204 No Content

0 B

URL POST
region1.analytics.google.com/g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je53d0v874108444z8812088355za200zb812088355&_p=1741911428474&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=1034711592.1741911430.&upn.variant_id=0&upn.experiment_id=0&tfd=9393
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8R6YNFMJ23&gtm=45je53d0v874108444z8812088355za200zb812088355&_p=1741911428474&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102308675~102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&cid=1034711592.1741911430&ul=en-us&sr=1280x1024&frm=0&pscdl=noapi&_s=2&sid=1741911429&sct=1&seg=0&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F%3F_ef_transaction_id%3D6a6358780b904f4cb51a193baf5a4ee3%26utm_source%3D5%26utm_campaign%3D%26utm_medium%3D%26id%3D3415790118458813203%26iocid%3D%26aff%3D5%26creative_id%3D%26oid%3D277%26message_id%3D%26link_id%3D&dt=BTM%20Last%20Retirement%20Stock%20Offer&en=fetch_user_data&epn.variant_id=0&up.custom_client_id=1034711592.1741911430.&upn.variant_id=0&upn.experiment_id=0&tfd=9393 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://go.behindthemarkets.com/
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://go.behindthemarkets.com
date: Fri, 14 Mar 2025 00:17:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:137:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:137:0
report-to: {"group":"ascnsrsggc:137:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:137:0"}],}
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lh3.googleusercontent.com/uWbfM9kdLOUOO7e7Oo3SHGl-evxMsXn3Lr-DhULu9YBHexURg7_-EzYc_1re7bKq122lJyi-MikC47mcHwkz5ki_2IB43rFblMw=w16

142.250.74.161

200 OK

405 B

URL GET
lh3.googleusercontent.com/uWbfM9kdLOUOO7e7Oo3SHGl-evxMsXn3Lr-DhULu9YBHexURg7_-EzYc_1re7bKq122lJyi-MikC47mcHwkz5ki_2IB43rFblMw=w16
IP
142.250.74.161:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintF0:E7:0B:8F:93:C0:9E:F3:15:26:E3:94:7C:D8:3F:00:DE:01:8F:46
ValidityWed, 26 Feb 2025 15:33:54 GMT - Wed, 21 May 2025 15:33:53 GMT

File type
PNG image data, 16 x 6, 8-bit/color RGBA, non-interlaced
Size
405 B (405 bytes)
Hash
27879dba27309770d3f23825a76985e4
623e7c03a6c6e579a7e039446f9831351944ab4c
3b6d534b315b9f52a295a10e0aac18512854c3909892d368010649ac683ed02a

HTTP Headers

GET /uWbfM9kdLOUOO7e7Oo3SHGl-evxMsXn3Lr-DhULu9YBHexURg7_-EzYc_1re7bKq122lJyi-MikC47mcHwkz5ki_2IB43rFblMw=w16 HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 405
x-xss-protection: 0
date: Thu, 13 Mar 2025 21:07:06 GMT
expires: Fri, 14 Mar 2025 21:07:06 GMT
cache-control: public, max-age=86400, no-transform
age: 11401
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2

142.250.74.163

200 OK

45 kB

URL GET
fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://btm-btm-btm.lpages.co/serve-leadbox/7QeXmQnVq74mQmAvAdBbt4/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&aff=5&creative_id=&id=3415790118458813203&iocid=&link_id=&message_id=&oid=277&utm_campaign=&utm_medium=&utm_source=5
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintA4:5F:89:8D:68:B4:5F:99:BE:F5:66:6F:C1:5E:A5:8C:72:BF:1E:D5
ValidityWed, 26 Feb 2025 15:33:59 GMT - Wed, 21 May 2025 15:33:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 44584, version 1.0
Size
45 kB (44584 bytes)
Hash
e04669366cda1aca21161f9e22bac3ae
157532ec5cdb07c395eb96aa6e9d0de1eeb869a7
43a079fd739dffa727de659b5bbf44596031aa7542c8a8afbc54a243aab96b47

HTTP Headers

GET /s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://btm-btm-btm.lpages.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44584
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Mar 2025 09:23:01 GMT
expires: Fri, 13 Mar 2026 09:23:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Apr 2023 20:46:24 GMT
content-type: font/woff2
age: 53649
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_640x360_900000_variant.m3u8

205.234.175.175

200 OK

68 kB

URL GET
fast.vidalytics.com/video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_640x360_900000_variant.m3u8
IP
205.234.175.175:443
ASN
#30081 CACHENETWORKS

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
M3U playlist, ASCII text
Size
68 kB (68254 bytes)
Hash
90bd2489a4997e8a33058771f8a76e49
45fa99ff880813981f03bdc42a7b283b7c09cb27
d08d12d128cc0330727660941e868363f737b706806e15c51e2867f91ea52e2e

HTTP Headers

GET /video/PzpZ_7KZ/IZqqOfKgqSFiUhZW/143354/141731__FFMPEG/video_TS_h264_aac_96000_640x360_900000_variant.m3u8 HTTP/1.1
Host: fast.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 00:17:11 GMT
content-type: application/vnd.apple.mpegurl
content-length: 68254
x-cff: B
x-guploader-uploadid: AKDAyIuTWBpsKFPzkH46UdAb2uY3X7EDGaa-pZN1Qaf9jaN_wTvapwZA4LZlePbVxsPj1VFp9nGP6gc
x-goog-generation: 1722254434583874
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 68254
x-goog-hash: crc32c=Bo5RCA==, md5=kL0kiaSZfoozBYdx+KduSQ==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
expires: Mon, 02 Mar 2026 18:43:49 GMT
cache-control: public, max-age=31104000
last-modified: Mon, 29 Jul 2024 12:00:34 GMT
etag: "90bd2489a4997e8a33058771f8a76e49"
x-lb-backend: gcs-prod
x-lb-cache: revalidated
x-cf3: H
cf4age: 250878
x-cf-tsc: 1741898865
cf4ttl: 30853122.000
x-cdn: 8
x-cdn-site: c8-prod
access-control-expose-headers: Content-Type, server, x-hw, x-cdn, x-cdn-info, x-cache, x-cache-hits, x-served-by, x-goog-stored-content-length, content-length, x-lb-backend, x-lb-cache, x-cf1, x-cf2, x-cf3, x-cff
x-cf2: H
server: CFS 1124
x-cf1: 42305:fC.arn1:co:1736526511:cacheN.arn1-01:B
x-cf-reqid: 6026b013fb81993bdf61da1b8d603e17
accept-ranges: bytes
X-Firefox-Spdy: h2

stats.vidalytics.com/scribe

107.178.211.97

200 OK

16 B

URL POST
stats.vidalytics.com/scribe
IP
107.178.211.97:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerSectigo Limited
Subject*.vidalytics.com
Fingerprint3A:95:4C:0B:62:16:0C:59:B3:98:1E:33:58:C9:DE:90:23:BB:7E:FB
ValidityWed, 13 Nov 2024 00:00:00 GMT - Fri, 21 Nov 2025 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
c3efe8346d884265db9dbb71aef7e61a
22c45c28d5447e51d470b4be05ab6a78c66c5f69
c14b9db4f637fcb570d2c827237ec2d5afa703e77d623a29386492316779d67e

HTTP Headers

POST /scribe HTTP/1.1
Host: stats.vidalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 750
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-methods: POST,OPTIONS
content-type: application/json
date: Fri, 14 Mar 2025 00:17:12 GMT
content-length: 16
x-envoy-upstream-service-time: 3
server: istio-envoy
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: Access-Control-Allow-Origin,Cache-Control,Content-Length,Content-Type,ETag,If-None-Match
X-Firefox-Spdy: h2

www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1067521326.1741911429&dt=BTM%20Last%20Retirement%20Stock%20Offer&auid=1153202523.1741911429&navt=n&npa=1&gtm=45He53d0v812088355za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&tft=1741911429215&tfd=3524&apve=1

216.58.207.228

200 OK

0 B

URL POST
www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1067521326.1741911429&dt=BTM%20Last%20Retirement%20Stock%20Offer&auid=1153202523.1741911429&navt=n&npa=1&gtm=45He53d0v812088355za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&tft=1741911429215&tfd=3524&apve=1
IP
216.58.207.228:443
ASN
#15169 GOOGLE

Requested by
https://go.behindthemarkets.com/btm-lrs-vsl-6-month-trial/?_ef_transaction_id=6a6358780b904f4cb51a193baf5a4ee3&utm_source=5&utm_campaign=&utm_medium=&id=3415790118458813203&iocid=&aff=5&creative_id=&oid=277&message_id=&link_id=
Certificate
IssuerGoogle Trust Services
Subjectwww.google.com
Fingerprint53:F5:E3:47:F6:DC:80:83:14:A1:CE:39:7B:A1:98:61:74:03:86:E2
ValidityMon, 06 Jan 2025 08:37:56 GMT - Mon, 31 Mar 2025 08:37:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ccm/collect?en=page_view&dl=https%3A%2F%2Fgo.behindthemarkets.com%2Fbtm-lrs-vsl-6-month-trial%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1067521326.1741911429&dt=BTM%20Last%20Retirement%20Stock%20Offer&auid=1153202523.1741911429&navt=n&npa=1&gtm=45He53d0v812088355za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102482433~102587591~102640600~102717422~102788824~102791784~102813109~102814060~102825837~102879719&tft=1741911429215&tfd=3524&apve=1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://go.behindthemarkets.com
DNT: 1
Connection: keep-alive
Referer: https://go.behindthemarkets.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
date: Fri, 14 Mar 2025 00:17:09 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-type: text/plain
pragma: no-cache
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://go.behindthemarkets.com
access-control-expose-headers: date,vary,vary,vary,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (55)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML