behindmlm.com Open in urlscan Pro
35.190.67.83 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
Submission: On August 16 via manual (August 16th 2022, 3:43:55 pm UTC) from CA — Scanned from CA

Summary HTTP 144 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 23 IPs in 1 countries across 17 domains to perform 144 HTTP transactions. The main IP is 35.190.67.83, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is behindmlm.com.
TLS certificate: Issued by R3 on June 17th 2022. Valid for: 3 months.

This is the only time behindmlm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	35.190.67.83 35.190.67.83	15169 (GOOGLE) (GOOGLE)
17	2607:f8b0:400... 2607:f8b0:4006:817::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:822::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2606:2800:220... 2606:2800:220:de:468:2285:c1:4a3	15133 (EDGECAST) (EDGECAST)
1 1	2607:f8b0:400... 2607:f8b0:4006:80c::200e	15169 (GOOGLE) (GOOGLE)
1 3	2607:f8b0:400... 2607:f8b0:4006:81c::2004	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
12	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:808::200e	15169 (GOOGLE) (GOOGLE)
2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	142.251.40.162 142.251.40.162	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:807::2002	15169 (GOOGLE) (GOOGLE)
14	2607:f8b0:400... 2607:f8b0:4006:816::200e	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80d::200a	15169 (GOOGLE) (GOOGLE)
22	2607:f8b0:400... 2607:f8b0:4006:823::2001	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81e::2003	15169 (GOOGLE) (GOOGLE)
3 6	142.250.80.70 142.250.80.70	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
144	23

33 35.190.67.83 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 83.67.190.35.bc.googleusercontent.com

behindmlm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2607:f8b0:4006:817::2002 (New York, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:822::2008 (New York, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:220:de:468:2285:c1:4a3 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80c::200e (New York, United States) 1 redirects

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::2004 (New York, United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:80e::2002 (New York, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::200e (New York, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2002 (New York, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:807::2002 (New York, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2607:f8b0:4006:816::200e (New York, United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80d::200a (New York, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2607:f8b0:4006:823::2001 (New York, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80f::2002 (New York, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81e::2003 (New York, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.80.70 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:824::2003 (New York, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	516 KB
33	behindmlm.com behindmlm.com	264 KB
19	google.com 2 redirects cse.google.com — Cisco Umbrella Rank: 3128 www.google.com — Cisco Umbrella Rank: 10 adservice.google.com — Cisco Umbrella Rank: 98 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 2085	50 KB
18	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 ad.doubleclick.net — Cisco Umbrella Rank: 214	126 KB
12	gstatic.com www.gstatic.com fonts.gstatic.com	202 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 674 syndication.twitter.com — Cisco Umbrella Rank: 864	151 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	173 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	4 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 557	140 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
2	w.org s.w.org — Cisco Umbrella Rank: 685	1 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2342 pixel.wp.com — Cisco Umbrella Rank: 2171	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	87 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	18 KB
1	google.ca adservice.google.ca — Cisco Umbrella Rank: 12886	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 862	699 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 94	41 KB
144	17

	Domain	Requested by
33	behindmlm.com	behindmlm.com
22	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
17	pagead2.googlesyndication.com	behindmlm.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
14	fundingchoicesmessages.google.com	pagead2.googlesyndication.com behindmlm.com
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
8	fonts.gstatic.com	fonts.googleapis.com
6	ad.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
4	www.googletagservices.com	googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net
4	platform.twitter.com	behindmlm.com platform.twitter.com
3	www.google.com	1 redirects behindmlm.com tpc.googlesyndication.com
2	static.xx.fbcdn.net	www.facebook.com
2	syndication.twitter.com	platform.twitter.com behindmlm.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	s.w.org	behindmlm.com
2	connect.facebook.net	behindmlm.com connect.facebook.net
1	www.facebook.com	connect.facebook.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.ca	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pixel.wp.com	behindmlm.com
1	stats.wp.com	behindmlm.com
1	cse.google.com	1 redirects
1	www.googletagmanager.com	behindmlm.com
144	25

This site contains links to these domains. Also see Links.

Domain
feeds.feedburner.com
en.wikipedia.org

Subject Issuer	Validity	Valid
behindmlm.com R3	`2022-06-17` - `2022-09-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-05-25` - `2022-08-23`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2021-11-24` - `2022-12-25`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
Frame ID: 7B6C517541EFCEC37B4871CD1B948007
Requests: 73 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fbehindmlm.com
Frame ID: 3A8130EB3DC4CD68D2F8E721A7663E56
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html
Frame ID: 54C0B52AE5501C148A9AFC7C1610E434
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&adk=1812271804&adf=3025194257&lmt=1660664629&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32&format=0x0&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628884&bpp=3&bdt=295&idt=185&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1174585182207&frm=20&pv=2&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=204
Frame ID: 9ECC1874C2EEB09E6CD3CB3AB10B04BA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=86&slotname=9133322012&adk=1611337112&adf=3303733187&pi=t.ma~as.9133322012&w=728&lmt=1660664629&psa=0&format=728x86&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628889&bpp=2&bdt=300&idt=206&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=550&ady=35&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=axFL7ab6Ui&p=https%3A//behindmlm.com&dtd=212
Frame ID: 3F0BD359DDAA105BE802605AD3F8E3D9
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=1275649579&adk=1506438776&adf=3361096615&pi=t.ma~as.1275649579&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628894&bpp=1&bdt=305&idt=213&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=eIOKK55Jre&p=https%3A//behindmlm.com&dtd=217
Frame ID: BB5782AA720B28682592D7F0042E2F26
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=8166812162&adk=3642231523&adf=843655857&pi=t.ma~as.8166812162&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628895&bpp=2&bdt=306&idt=231&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=1325&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=hlkd3XBQxD&p=https%3A//behindmlm.com&dtd=238
Frame ID: DDD8411C03E54D790A11F235FE490686
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=600&slotname=1881792926&adk=1979354014&adf=3010266236&pi=t.ma~as.1881792926&w=300&lmt=1660664629&psa=0&format=300x600&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628897&bpp=1&bdt=308&idt=238&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=928&ady=1931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=esnENfFM5f&p=https%3A//behindmlm.com&dtd=242
Frame ID: 8529EEC2E559B9ECCB60EE967E2E03C3
Requests: 15 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.9d00f3a022654eb8edfbc3190e981f9d.en.html
Frame ID: 5EE39312B9B42CE4085AC0ACBAF10BC7
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5329965BB2E95E67EA946B67F9AAB069
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js
Frame ID: FC9C9F9C485897CBE4B121081E71F7B1
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js
Frame ID: 4A697F662C0A4A6C418CB51DB6BF31F7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js
Frame ID: F2426996B24BE5658608CEF892C1628D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17c9c757ffc98%26domain%3Dbehindmlm.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbehindmlm.com%252Ff253aa08ab1ecac%26relation%3Dparent.parent&container_width=530&href=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&layout=button_count&locale=en_GB&sdk=joey&share=false&size=small&width=
Frame ID: A09D815F69A641FFE2EC8E863DD8E4C8
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js
Frame ID: BC559E845CC9A22BE73942F92272FF4A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 54EC40584E2AE8B3C4CEA4277B5BFBEA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B5B92B3739184C98CEAD21DCDFB36708
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Safir International Review: Zeniq Coin Ponzi reboot scheme

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

144
Requests

97 %
HTTPS

74 %
IPv6

17
Domains

25
Subdomains

23
IPs

1
Countries

1795 kB
Transfer

4778 kB
Size

10
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://feeds.feedburner.com/Behindmlm
Title: RSS

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Fair_use
Title: Fair Use

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://cse.google.com/cse.js?cx=partner-pub-1989076782517459:6677894630 HTTP 302
https://www.google.com/sorry/index?continue=https://cse.google.com/cse.js%3Fcx%3Dpartner-pub-1989076782517459:6677894630&q=EhAmB1MAAGB4ZwAAAAAAAAARGLT27pcGIhAoBu9mCmZe-jZkNoer03ZXMgFy

Request Chain 74

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4100748689;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CNnX4erZy_kCFYMxDAodcisKBw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4100748689;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 90

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 102

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4009363547;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CLDg7urZy_kCFcIBcQodD90FTA;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4009363547;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 120

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=1750658936;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CPvNgevZy_kCFUq6nwodSngMWw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=1750658936;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

144 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/ 199 KB
37 KB 389ms
358ms Document
text/html 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

534e29bef44e745b2e3547ce980f49cedf46c0e1bc5ff3c45f85a9a6404c174f

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 37226
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 15:43:48 GMT
link: <https://behindmlm.com/wp-json/>; rel="https://api.w.org/" <https://behindmlm.com/wp-json/wp/v2/posts/67833>; rel="alternate"; type="application/json" <https://wp.me/pSOSo-hE5>; rel=shortlink
server: Apache
vary: Accept-Encoding
via: 1.1 google
x-frame-options: sameorigin

GET
H2 200 style.css
behindmlm.com/wp-content/themes/BehindMLM2/ 14 KB
3 KB 20ms
15ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

68cb73fb8450e9b6d99bfe07cd80d8526b28287a6e33c8b30684d5ec9c46fd24

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 25 Jul 2022 17:06:01 GMT
via: 1.1 google
last-modified: Wed, 05 Jan 2022 06:18:53 GMT
server: Apache
age: 1895867
x-frame-options: sameorigin
etag: "3727-5d4cfba600aa3-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3128

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 168 KB
56 KB 125ms
76ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a3f9582e461eb448cf6da3c9999cb554707e7a7c02f6c7a6af3bdf14dc4b93d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57196
x-xss-protection: 0
server: cafe
etag: 1875087957358388885
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 15:43:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
41 KB 89ms
34ms Script
application/javascript 2607:f8b0:4006:822::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-10834465-2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2008 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f3f267a609e24bff024fc690842a6d3e49e6d472ec352f1eb3e2751140e72872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:48 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41848
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Aug 2022 15:43:48 GMT

GET
H2 200 style.min.css
behindmlm.com/wp-includes/css/dist/block-library/ 87 KB
12 KB 24ms
20ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/css/dist/block-library/style.min.css?ver=2a2a99d73e06084b46a012f9939c1975

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 23 Jul 2022 15:02:50 GMT
via: 1.1 google
last-modified: Wed, 13 Jul 2022 00:57:40 GMT
server: Apache
age: 2076058
x-frame-options: sameorigin
etag: "15b64-5e3a545a0e277-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11681

GET
H2 200 mediaelementplayer-legacy.min.css
behindmlm.com/wp-includes/js/mediaelement/ 11 KB
3 KB 28ms
25ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 19:59:08 GMT
via: 1.1 google
last-modified: Wed, 09 Dec 2020 01:22:53 GMT
server: Apache
age: 503080
x-frame-options: sameorigin
etag: "2bf8-5b5fde5fbbaa8-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2592

GET
H2 200 wp-mediaelement.min.css
behindmlm.com/wp-includes/js/mediaelement/ 4 KB
1 KB 29ms
25ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=2a2a99d73e06084b46a012f9939c1975

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 04:08:32 GMT
via: 1.1 google
last-modified: Wed, 13 Nov 2019 09:12:24 GMT
server: Apache
age: 387316
x-frame-options: sameorigin
etag: "105a-59736c358c0b1-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1156

GET
H2 200 styles.css
behindmlm.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 22ms
19ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 18:28:18 GMT
via: 1.1 google
last-modified: Wed, 10 Aug 2022 16:26:29 GMT
server: Apache
age: 508530
x-frame-options: sameorigin
etag: "aab-5e5e582e2ec12-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 972

GET
H2 200 ytprefs.min.css
behindmlm.com/wp-content/plugins/youtube-embed-plus/styles/ 8 KB
2 KB 35ms
32ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.3

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

6c9e9bd4e992b05389236894daba31e34cc03e95c1dcb18fdb229087df1606c6

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 02:35:48 GMT
via: 1.1 google
last-modified: Sat, 16 Jul 2022 01:46:37 GMT
server: Apache
age: 133680
x-frame-options: sameorigin
etag: "2080-5e3e24e3102f3-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1786

GET
H2 200 jetpack.css
behindmlm.com/wp-content/plugins/jetpack/css/ 84 KB
16 KB 19ms
16ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

48fdcad6248cad75d16876289b4543334d70d7aab6c06f79160034568468f813

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 03:13:07 GMT
via: 1.1 google
last-modified: Wed, 03 Aug 2022 02:08:25 GMT
server: Apache
age: 1168241
x-frame-options: sameorigin
etag: "14eba-5e54cb54a4793-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16421

GET
H2 200 quote-comments.js Show response
behindmlm.com/wp-content/plugins/quote-comments/ 6 KB
2 KB 33ms
31ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/quote-comments/quote-comments.js?ver=1.0

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

badbad062f2e942c3eab0d49366f65e2ff7e705a80deeac6a2bcdbcb824d6bd8

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sat, 23 Jul 2022 15:02:50 GMT
via: 1.1 google
last-modified: Sun, 21 Nov 2021 00:51:04 GMT
server: Apache
age: 2076058
x-frame-options: sameorigin
etag: "16c1-5d141e72a337a-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1691

GET
H2 200 jquery.min.js Show response
behindmlm.com/wp-includes/js/jquery/ 87 KB
30 KB 28ms
26ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 23:23:22 GMT
via: 1.1 google
last-modified: Wed, 21 Jul 2021 11:56:54 GMT
server: Apache
age: 490826
x-frame-options: sameorigin
etag: "15db1-5c7a0ddd7924a-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30908

GET
H2 200 jquery-migrate.min.js Show response
behindmlm.com/wp-includes/js/jquery/ 11 KB
4 KB 35ms
34ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 20:41:12 GMT
via: 1.1 google
last-modified: Wed, 09 Dec 2020 01:22:53 GMT
server: Apache
age: 1105356
x-frame-options: sameorigin
etag: "2bd8-5b5fde5fbd9e9-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4169

GET
H2 200 ytprefs.min.js Show response
behindmlm.com/wp-content/plugins/youtube-embed-plus/scripts/ 13 KB
4 KB 38ms
37ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.3

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

e033ab6e401e91abdde173b0c9b8f85560439bf72b36bbb151dcf2cf629b9fa4

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 02:35:49 GMT
via: 1.1 google
last-modified: Sat, 16 Jul 2022 01:46:37 GMT
server: Apache
age: 133679
x-frame-options: sameorigin
etag: "3562-5e3e24e30476f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4511

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 72ms
18ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

debd37ac7dd10010679d1ee9b2447bcfd225868e83fd937792bb397dddbb7766

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://behindmlm.com/
Origin: https://behindmlm.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: fkQNjeqMrtSY0TkoV1Sgdw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: obHK75VLWgJUWl0onT9UuJmumuHkP6qIYGnUyEh8PltdG54F6n2ZptXKBOac3ULgpZHfV8fEIJmNVCOWty7ctg==
x-fb-trip-id: 1512268381
x-fb-content-md5: ca798f4b4ac482f466d5c1a3e7810793
x-frame-options: DENY
date: Tue, 16 Aug 2022 15:43:48 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "8b7b12d4b23bbfe4fed91c7c06b4fdee"
timing-allow-origin: *
expires: Tue, 16 Aug 2022 15:45:27 GMT

GET
H3 200 behindmlm-logo.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 8 KB
8 KB 30ms
25ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/behindmlm-logo.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

ad72c063814c31626b8b9509a599850d3abf705366819bd37377e3311922af06

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 03:52:06 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 1770702
etag: "1fce-56862d02654fc"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8142

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 169 KB
57 KB 104ms
50ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1989076782517459

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9912422d41d272dd5ae51858e6af68875114b8d010358e62c27757cdae03913f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Origin: https://behindmlm.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57298
x-xss-protection: 0
server: cafe
etag: 5129852030094083815
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 15:43:48 GMT

GET
H3 200 safir-international-logo.webp
behindmlm.com/wp-content/uploads/2021/08/ 3 KB
3 KB 25ms
20ms Image
image/webp 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2021/08/safir-international-logo.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

5f42aeba809537158371a7432f9c30bff2fa241655a2f69b6fdb90167fcb645b

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 06:18:26 GMT
via: 1.1 google
last-modified: Mon, 23 Aug 2021 13:56:35 GMT
server: Apache
age: 33922
etag: "c32-5ca3a62a99873"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3122

GET
H3 200 wp-emoji-release.min.js Show response
behindmlm.com/wp-includes/js/ 18 KB
5 KB 26ms
22ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/wp-emoji-release.min.js?ver=2a2a99d73e06084b46a012f9939c1975

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 04:08:32 GMT
via: 1.1 google
last-modified: Sun, 29 May 2022 03:42:45 GMT
server: Apache
age: 387316
x-frame-options: sameorigin
etag: "48b9-5e01e5523868c-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 82ms
17ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: 33558069624c6849e3bedf4ef9ead7bf4cef2afdd7ecb64758a660fa4ae5ed8d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 15:43:48 GMT
Content-Encoding: gzip
Age: 1376
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 29278
x-tw-cdn: VZ
Last-Modified: Mon, 15 Aug 2022 23:23:32 GMT
Server: ECS (nyb/1D1E)
Etag: "080f1472776d4d1a972a14cea4433aeb+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2

429

index
www.google.com/sorry/
Redirect Chain

https://cse.google.com/cse.js?cx=partner-pub-1989076782517459:6677894630
https://www.google.com/sorry/index?continue=https://cse.google.com/cse.js%3Fcx%3Dpartner-pub-1989076782517459:6677894630&q=EhAmB1MAAGB4ZwAAAAAAAAARGLT27pcGIhAoBu9mCmZe-jZkNoer03ZXMgFy

0
0

77ms
28ms

Script
text/html

2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/sorry/index?continue=https://cse.google.com/cse.js%3Fcx%3Dpartner-pub-1989076782517459:6677894630&q=EhAmB1MAAGB4ZwAAAAAAAAARGLT27pcGIhAoBu9mCmZe-jZkNoer03ZXMgFy
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
Protocol: H2
Server: 2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

bfcache-opt-in: unload
date: Tue, 16 Aug 2022 15:43:49 GMT
server: gws
location: https://www.google.com/sorry/index?continue=https://cse.google.com/cse.js%3Fcx%3Dpartner-pub-1989076782517459:6677894630&q=EhAmB1MAAGB4ZwAAAAAAAAARGLT27pcGIhAoBu9mCmZe-jZkNoer03ZXMgFy
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
x-hallmonitor-challenge: CgsItfbulwYQyPqBFhIQJgdTAABgeGcAAAAAAAAAEQ
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 384
x-xss-protection: 0

GET
H3 200 footerlogo.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 3 KB
3 KB 27ms
23ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/footerlogo.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

cbc7e6b7036a674ce0a9d58ff3d72880569810e2d50dad19d55dd5c4da321933

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 23:23:22 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 490826
etag: "c47-56862d02683dd"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3143

GET
H3 200 related.css
behindmlm.com/wp-content/plugins/yet-another-related-posts-plugin/style/ 307 B
200 B 15ms
14ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/yet-another-related-posts-plugin/style/related.css?ver=5.27.8

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

2efe0d8072659b087901323e1fdb18a0f57e6011cb9cb7edff6e1723fc2e8d70

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 12:49:39 GMT
via: 1.1 google
last-modified: Thu, 02 Dec 2021 01:19:18 GMT
server: Apache
age: 1824849
x-frame-options: sameorigin
etag: "133-5d21f9457296f-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 177

GET
H3 200 anti-spam.min.js Show response
behindmlm.com/wp-content/plugins/anti-spam-reloaded/js/ 923 B
454 B 13ms
12ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/anti-spam-reloaded/js/anti-spam.min.js?ver=6.4

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

febe7eb6b4d3daabd19f253830acaddb7014b75029ad8744912d45bd1627a978

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 15:56:57 GMT
via: 1.1 google
last-modified: Thu, 13 Jan 2022 04:58:21 GMT
server: Apache
age: 1813611
x-frame-options: sameorigin
etag: "39b-5d56f890fc692-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 431

GET
H3 200 regenerator-runtime.min.js Show response
behindmlm.com/wp-includes/js/dist/vendor/ 6 KB
2 KB 21ms
15ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 23:23:22 GMT
via: 1.1 google
last-modified: Sun, 29 May 2022 03:42:45 GMT
server: Apache
age: 490826
x-frame-options: sameorigin
etag: "194b-5e01e5523f3ee-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2457

GET
H3 200 wp-polyfill.min.js Show response
behindmlm.com/wp-includes/js/dist/vendor/ 19 KB
7 KB 19ms
13ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 18:28:18 GMT
via: 1.1 google
last-modified: Sun, 29 May 2022 03:42:45 GMT
server: Apache
age: 508530
x-frame-options: sameorigin
etag: "4ac6-5e01e5524038e-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7095

GET
H3 200 index.js Show response
behindmlm.com/wp-content/plugins/contact-form-7/includes/js/ 21 KB
6 KB 21ms
16ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

32dd00604df8db3415240d450341558b6827b1e02dc0f211d8a6d9a4287c522e

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 18:28:18 GMT
via: 1.1 google
last-modified: Wed, 10 Aug 2022 16:26:29 GMT
server: Apache
age: 508530
x-frame-options: sameorigin
etag: "5591-5e5e582e2ccd1-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6564

GET
H3 200 fitvids.min.js Show response
behindmlm.com/wp-content/plugins/youtube-embed-plus/scripts/ 3 KB
1 KB 24ms
19ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.3

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

d8be3a402a3b2ad808402cea111ba3d286239d88e06c8e2969c84f46050dc88a

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 02:35:49 GMT
via: 1.1 google
last-modified: Sat, 16 Jul 2022 01:46:37 GMT
server: Apache
age: 133679
x-frame-options: sameorigin
etag: "c1f-5e3e24e30476f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1082

GET
H3 200 akismet-frontend.js Show response
behindmlm.com/wp-content/plugins/akismet/_inc/ 9 KB
3 KB 27ms
23ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1658853658

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

92d6cc26916cd66aa6baa7829955829200236292f68561c1c0fc44cbf970b28d

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 17:34:03 GMT
via: 1.1 google
last-modified: Tue, 26 Jul 2022 16:40:58 GMT
server: Apache
age: 1807785
x-frame-options: sameorigin
etag: "23ce-5e4b7f70f2c79-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2653

GET
H2 200 e-202233.js Show response
stats.wp.com/ 9 KB
3 KB 69ms
16ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202233.js
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-nc: HIT yyz
date: Tue, 16 Aug 2022 15:43:48 GMT
content-encoding: br
server: nginx
etag: W/"61beb56a-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 07 Aug 2023 05:28:32 GMT

GET
H3 200 date.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 540 B
561 B 27ms
23ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/date.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

a416e8905a3d5773c47fbb2166e048301ea8746d32c526e44611dcacd0899d97

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 03:52:06 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 1770702
etag: "21c-56862d026455c"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 540

GET
H3 200 folder.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 970 B
991 B 28ms
24ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/folder.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

f438bd946bcf76ec40f285a8f83382d9f8b26d28099f35e3db66503b41ef2620

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 27 Jul 2022 03:52:06 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 1770702
etag: "3ca-56862d02635bc"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 970

GET
H3 200 zeniq-technologies-product-safir-international-website.webp
behindmlm.com/wp-content/uploads/2021/08/ 19 KB
19 KB 29ms
20ms Image
image/webp 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2021/08/zeniq-technologies-product-safir-international-website.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

e5523817c03c9d1d0e9f9432147d15c0208adfec32b2ca3a22a7e6b1714b4c82

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 06:18:27 GMT
via: 1.1 google
last-modified: Mon, 23 Aug 2021 13:56:37 GMT
server: Apache
age: 33921
etag: "4a36-5ca3a62c15715"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18998

GET
H3 200 erwin-dokter-ceo-zeniq-technologies.webp
behindmlm.com/wp-content/uploads/2021/08/ 22 KB
22 KB 27ms
17ms Image
image/webp 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2021/08/erwin-dokter-ceo-zeniq-technologies.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

c227fe7d87b331c7a9adec030bc137f0d456fa6c2bf6c6661157219390d773d3

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 06:18:26 GMT
via: 1.1 google
last-modified: Mon, 23 Aug 2021 13:56:33 GMT
server: Apache
age: 33922
etag: "5848-5ca3a628da39b"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22600

GET
H3 200 safir-international-executive-team-ceo-erwin-dokter.webp
behindmlm.com/wp-content/uploads/2021/08/ 20 KB
20 KB 24ms
15ms Image
image/webp 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2021/08/safir-international-executive-team-ceo-erwin-dokter.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

dba12b9485e12b990bcc8a631cd7e3a0e7409579c76d86ec6b10d52356b98b38

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 06:18:27 GMT
via: 1.1 google
last-modified: Mon, 23 Aug 2021 13:56:35 GMT
server: Apache
age: 33921
etag: "4e52-5ca3a62a2454b"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20050

GET
H3 200 erwin-dokter-ceo-juwelis-digital-systems.webp
behindmlm.com/wp-content/uploads/2021/08/ 14 KB
14 KB 31ms
22ms Image
image/webp 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2021/08/erwin-dokter-ceo-juwelis-digital-systems.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

0db6bdf01b228550ac4140ddda661ed2cfdfacaca5fd3ba5374336df930951f9

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 06:18:27 GMT
via: 1.1 google
last-modified: Mon, 23 Aug 2021 13:56:33 GMT
server: Apache
age: 33921
etag: "37e0-5ca3a62809393"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14304

GET
H3 200 juwelis-coin-promotion-twitter.webp
behindmlm.com/wp-content/uploads/2021/08/ 30 KB
30 KB 27ms
18ms Image
image/webp 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2021/08/juwelis-coin-promotion-twitter.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

a696780889eee97240f5e1fc499d49ffdf64a6d5bacb18861a0e78310c9b08bf

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 06:18:27 GMT
via: 1.1 google
last-modified: Mon, 23 Aug 2021 13:56:34 GMT
server: Apache
age: 33921
etag: "77dc-5ca3a62987176"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30684

GET
H3 200 bullet.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 136 B
160 B 17ms
13ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/bullet.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

bfc62cb93d376fcaa619279e23ed2889779aaaa7bdf1a25dd0c42f5ed2d657b0

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 29 Jul 2022 01:33:58 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 1606190
etag: "88-56862d026743d"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136

GET
H3 200 commentbutton.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 2 KB
2 KB 17ms
13ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/commentbutton.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

8b283e0604bed5fd52532c293e5d792be8d35ee6c7d9d4a303759dcb41567d9e

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 26 Jul 2022 13:39:52 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 1821836
etag: "88b-56862d026455c"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2187

GET
H3 200 sidebar_h2dark.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 2 KB
2 KB 18ms
14ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/sidebar_h2dark.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

d59bfe78466d3fa4afdd786dfc4270dfed248a5ddc54d2e79b39b303de37903f

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 05 Aug 2022 15:04:53 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 952735
etag: "664-56862d02683dd"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1636

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 25ms
16ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A11.2&blog=13065284&post=67833&tz=8&srv=behindmlm.com&host=behindmlm.com&ref=&fcp=516&rand=0.0674127460880336
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 15:43:48 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 1f600.svg
s.w.org/images/core/emoji/14.0.0/svg/ 450 B
684 B 56ms
16ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1f600.svg

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

41478e547c5b6ad66bfcf91ead5350fa0bc247956c3ff912020327e3e9ad0d2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 16 Aug 2022 15:43:48 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:47:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 450
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f642.svg
s.w.org/images/core/emoji/14.0.0/svg/ 525 B
388 B 56ms
16ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1f642.svg

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

943c44a0f3dc1aba84f5fbe8465baadbb90af66cd7be9f37ca07a39260357ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-nc: HIT yyz 1
date: Tue, 16 Aug 2022 15:43:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:50:59 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 296 KB
84 KB 39ms
18ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=407ebba280503ebccf3da41f8653408a

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6a4120a31e11cdeee8c948c8686d04b5a27c4e0a722936a97729e1298b9f3183

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://behindmlm.com/
Origin: https://behindmlm.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: aJKdkUlTujvTqOWHMHbhcw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86373
x-fb-rlafr: 0
x-fb-debug: 5oHTzHFmfgXoUhl3MjFqQQXnLyN//c9AgG4+iViV8335qB94J+i+55Hz/rF1w2u/9//5SEh7+nrPDLOrbFFrRw==
x-fb-content-md5: fc968669e9f355f4299ad3247ecabc4b
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Aug 2022 15:43:48 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "8940ec60ba96f91e9c4cd31ffe91fdee"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 16 Aug 2023 12:55:14 GMT

GET
H/1.1 200
OK widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html Show response
platform.twitter.com/widgets/ Frame 3A81 320 KB
104 KB 19ms
19ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fbehindmlm.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1A) /
Resource Hash: 8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 58677
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105445
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 15:43:48 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Mon, 15 Aug 2022 23:01:14 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/ 340 KB
120 KB 102ms
60ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1bac8367f903d5efde4f198ba2394d53f3294d1ba8c5a5edeb1f6d71582e2cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122690
x-xss-protection: 0
server: cafe
etag: 5379108778450567177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 15:43:48 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/ Frame 54C0 10 KB
5 KB 80ms
20ms Document
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 2969
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 14:54:19 GMT
etag: 8616628553774171045
expires: Tue, 30 Aug 2022 14:54:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 102ms
89ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=puberror&context=165&msg=TagError%3A%20adsbygoogle.push()%20error%3A%20Only%20one%20%27enable_page_level_ads%27%20allowed%20per%20page.%0Aat%20fq%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%3A244%3A323)%0Aat%20eq%20(adsbygoogle.js%3A243%3A1557)%0Aat%20lq%20(adsbygoogle.js%3A250%3A365)%0Aat%20c%20(adsbygoogle.js%3A251%3A38)%0Aat%20mq%20(adsbygoogle.js%3A251%3A156)%0Aat%20xq%20(adsbygoogle.js%3A260%3A255)%0Aat%20nq%20(adsbygoogle.js%3A257%3A89)%0Aat%20adsbygoogle.js%3A252%3A47%0Aat%20n.oa%20(adsbygoogle.js%3A124%3A778)%0Aat%20Wj%20(adsbygoogle.js%3A129%3A1037)&shv=r20220811&mjsv=m202208110101&eid=44759876%2C44759927%2C44759842%2C31068937&client=ca-pub-1989076782517459&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 101ms
88ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=puberror&context=165&msg=TagError%3A%20adsbygoogle.push()%20error%3A%20No%20slot%20size%20for%20availableWidth%3D0%0Aat%20io%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%3A194%3A371)%0Aat%20ho%20(adsbygoogle.js%3A193%3A137)%0Aat%20po%20(adsbygoogle.js%3A197%3A187)%0Aat%20Sp%20(adsbygoogle.js%3A241%3A460)%0Aat%20fq%20(adsbygoogle.js%3A244%3A105)%0Aat%20eq%20(adsbygoogle.js%3A243%3A1557)%0Aat%20nq%20(adsbygoogle.js%3A258%3A347)%0Aat%20adsbygoogle.js%3A252%3A47%0Aat%20n.oa%20(adsbygoogle.js%3A124%3A778)%0Aat%20Wj%20(adsbygoogle.js%3A129%3A1037)&shv=r20220811&mjsv=m202208110101&eid=44759876%2C44759927%2C44759842%2C31068937&client=ca-pub-1989076782517459&slotname=7157625860&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 68ms
19ms Script
text/javascript 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-10834465-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4697
date: Tue, 16 Aug 2022 14:25:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 16 Aug 2022 16:25:32 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 3A81 637 B
567 B 129ms
47ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=aaa1cc0a2b15718eec8689747e98f3e23a01e0fd

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.9d00f3a022654eb8edfbc3190e981f9d.html?origin=https%3A%2F%2Fbehindmlm.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

93d57070891158b46857268e1f539c94d0f7ef59a2eeb0e5ae5e128e4fa26b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time: 8
date: Tue, 16 Aug 2022 15:43:48 GMT
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 15:43:49 GMT
server: tsa_b
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: a0f70a95153d466a3d9d23f498c19a4704d045e967cea782cf332f1f59d58568
content-length: 286

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
699 B 94ms
34ms Script
text/javascript 142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=behindmlm.com&callback=_gfp_s_&client=ca-pub-1989076782517459&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

cafe /

Resource Hash

3d3747e48ec944ec37d7a894a77f3231734f02e97b56b755185a7d2a2ab2b3d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 254
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
792 B 91ms
40ms Script
application/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=behindmlm.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 90ms
40ms Script
application/javascript 2607:f8b0:4006:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=behindmlm.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9ECC 9 KB
761 B 170ms
127ms Document
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&adk=1812271804&adf=3025194257&lmt=1660664629&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32&format=0x0&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628884&bpp=3&bdt=295&idt=185&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1174585182207&frm=20&pv=2&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=204

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ebfe762524e5f5efd99d6ec3c7bd8c0297fcb2f81644b006dc2cb9799fdff05c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 738
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 15:43:49 GMT
expires: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3F0B 78 KB
29 KB 522ms
492ms Document
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=86&slotname=9133322012&adk=1611337112&adf=3303733187&pi=t.ma~as.9133322012&w=728&lmt=1660664629&psa=0&format=728x86&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628889&bpp=2&bdt=300&idt=206&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=550&ady=35&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=axFL7ab6Ui&p=https%3A//behindmlm.com&dtd=212

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3defaa46be5f059610a6b8b86a4fbf2ca1000c9c48fcc25423a7750dae3333b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 29795
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 15:43:49 GMT
expires: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BB57 79 KB
29 KB 746ms
726ms Document
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=1275649579&adk=1506438776&adf=3361096615&pi=t.ma~as.1275649579&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628894&bpp=1&bdt=305&idt=213&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=eIOKK55Jre&p=https%3A//behindmlm.com&dtd=217

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8379556e836f7b1810485827899f236030cb3bf64c9b7323fe705af58cc7b676

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 29803
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 15:43:49 GMT
expires: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 75ms
33ms XHR
text/plain 2607:f8b0:4006:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1028848542&t=pageview&_s=1&dl=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&ul=en-us&de=UTF-8&dt=Safir%20International%20Review%3A%20Zeniq%20Coin%20Ponzi%20reboot%20scheme&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=754848219&gjid=1714077955&cid=1615710292.1660664629&tid=UA-10834465-2&_gid=1267212866.1660664629&_r=1&gtm=2ou8f0&z=1168801730

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://behindmlm.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DDD8 79 KB
29 KB 932ms
932ms Document
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=8166812162&adk=3642231523&adf=843655857&pi=t.ma~as.8166812162&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628895&bpp=2&bdt=306&idt=231&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=1325&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=hlkd3XBQxD&p=https%3A//behindmlm.com&dtd=238

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dca782aae511ad03d0c60a2aaa50d5226a5f83e3af282389243d32f0c493e2a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 29813
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 15:43:50 GMT
expires: Tue, 16 Aug 2022 15:43:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8529 93 KB
32 KB 473ms
473ms Document
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=600&slotname=1881792926&adk=1979354014&adf=3010266236&pi=t.ma~as.1881792926&w=300&lmt=1660664629&psa=0&format=300x600&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628897&bpp=1&bdt=308&idt=238&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=928&ady=1931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=esnENfFM5f&p=https%3A//behindmlm.com&dtd=242

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c7997c079c7e7b7e9099e53835a332f993b037c07039cb4cfef65532e1aeda8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32334
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 15:43:49 GMT
expires: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK button.b1b167848c287659f2a6ccf2f75db0b5.js Show response
platform.twitter.com/js/ 7 KB
3 KB 18ms
18ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.b1b167848c287659f2a6ccf2f75db0b5.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: a9729002880774b272306f1cc58eab97d1121239e882419538e5e6548ccc260e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 15:43:49 GMT
Content-Encoding: gzip
Age: 58676
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 2359
x-tw-cdn: VZ
Last-Modified: Mon, 15 Aug 2022 23:01:06 GMT
Server: ECS (nyb/1D1E)
Etag: "ab91dc5840dfa6af606ebfda8f434b51+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.9d00f3a022654eb8edfbc3190e981f9d.en.html Show response
platform.twitter.com/widgets/ Frame 5EE3 37 KB
14 KB 18ms
18ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.9d00f3a022654eb8edfbc3190e981f9d.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nyb/1D1E) /
Resource Hash: 9886e9c9284d915916906d857b9d2045318ae29bba7d360b2cad9758deb8a292

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 58676
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13751
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 15:43:49 GMT
Etag: "648fcdf5ca106424a58df2f0cdc5dab8+gzip"
Last-Modified: Mon, 15 Aug 2022 23:01:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nyb/1D1E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
356 B 48ms
48ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1660664629200%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2231f0cdc1eaa0f%3A1660602114609%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=aaa1cc0a2b15718eec8689747e98f3e23a01e0fd

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 9
pragma: no-cache
last-modified: Tue, 16 Aug 2022 15:43:49 GMT
server: tsa_b
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a0f70a95153d466a3d9d23f498c19a4704d045e967cea782cf332f1f59d58568
x-transaction: 9074233181d8f160
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 5EE3 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ca-pub-1989076782517459 Show response
fundingchoicesmessages.google.com/i/ 104 KB
37 KB 123ms
71ms Script
application/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-1989076782517459?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ae57eb1aa5ad3a582a66d11ca5c6bb1dd4a60fa386b656ddbcb82091ed94add

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-vQEKv2jwxejWxtnYH2wWsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-vQEKv2jwxejWxtnYH2wWsw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingWebSwitchboardHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingWebSwitchboardHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingWebSwitchboardHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-vQEKv2jwxejWxtnYH2wWsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-vQEKv2jwxejWxtnYH2wWsw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 80ms
80ms Image
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-1989076782517459&warn=12%2C13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=true&a=6%2C1%2C5%2C7&apv=20220809_084643&sat=1660442399400&afm=2%2C0&as_count=5&d_count=0&ng_count=0&am_count=0&atf_count=2&mdns=0.043&alldns=0.043&allp=20&fd=(0%2C0%2C0)%2C(1%2C16%2C0)%2C(2%2C0%2C0)&pgh=35149&abl=false&rr=n&su=behindmlm.com&pvc=2415633600784731&r=0.1&eid=44759876%2C44759927%2C44759842%2C31068937

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWylGVEbjh2nAPjXsXyutG7WJrRGHZQo7vKMpr8KnmY4U58yhmXazQJMnzgsXJjdr8BWnSfBdVMrUJQwNLRBm8= Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 108ms
66ms Script
application/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWylGVEbjh2nAPjXsXyutG7WJrRGHZQo7vKMpr8KnmY4U58yhmXazQJMnzgsXJjdr8BWnSfBdVMrUJQwNLRBm8=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYwNjY0NjI5LDQ2NTAwMDAwMF0sIjQ1QUZDNzIwLUJGNDktNDRGOC05ODhDLUIwMjI3RkI5RDUwNiIsbnVsbCxudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vYmVoaW5kbWxtLmNvbS9tbG0tcmV2aWV3cy9zYWZpci1pbnRlcm5hdGlvbmFsLXJldmlldy16ZW5pcS1jb2luLXBvbnppLXJlYm9vdC1zY2hlbWUvIixudWxsLFtdXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.4wI5rbfYPJs.es5.O/d=1/rs=AJlcJMxL9AJKm6GuDXowUKN2xnwRH1fXoQ/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f36873f089ceaae6f322e8b7b1e536c1e2d549bb88abacb2e010d1dad9d8d005

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Cc457dDgDQp6pNafaNlJ3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Cc457dDgDQp6pNafaNlJ3w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-Cc457dDgDQp6pNafaNlJ3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Cc457dDgDQp6pNafaNlJ3w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUagNVpRF0K4XstnnZ_6tvEyNCYeILA0A5rWXbMAVZENmjR9oHGWogkm-GBPg0HSDf2fv_FgYHvyo43tEsTXGFFUWuTnqKTgSSK1y9vaUTNG3CSw3YGfXtGETyteO_A2efAwBB38g== Show response
fundingchoicesmessages.google.com/f/ 19 KB
8 KB 87ms
87ms Script
application/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUagNVpRF0K4XstnnZ_6tvEyNCYeILA0A5rWXbMAVZENmjR9oHGWogkm-GBPg0HSDf2fv_FgYHvyo43tEsTXGFFUWuTnqKTgSSK1y9vaUTNG3CSw3YGfXtGETyteO_A2efAwBB38g==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYwNjY0NjI5LDU4MjAwMDAwMF0sIjQ1QUZDNzIwLUJGNDktNDRGOC05ODhDLUIwMjI3RkI5RDUwNiIsbnVsbCxudWxsLFtudWxsLFs3LDldLG51bGwsMixudWxsLCJlbiJdLCJodHRwczovL2JlaGluZG1sbS5jb20vbWxtLXJldmlld3Mvc2FmaXItaW50ZXJuYXRpb25hbC1yZXZpZXctemVuaXEtY29pbi1wb256aS1yZWJvb3Qtc2NoZW1lLyIsbnVsbCxbXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dbdba159606e8249a21382fb9edcbb00bcb3e03d9d293260daef975b7c1d7666

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yKNCozoQjzedNachn6Rfkg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-yKNCozoQjzedNachn6Rfkg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: script-src 'report-sample' 'nonce-yKNCozoQjzedNachn6Rfkg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-yKNCozoQjzedNachn6Rfkg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
date: Tue, 16 Aug 2022 15:43:49 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8529 8 KB
1 KB 85ms
35ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=600&slotname=1881792926&adk=1979354014&adf=3010266236&pi=t.ma~as.1881792926&w=300&lmt=1660664629&psa=0&format=300x600&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628897&bpp=1&bdt=308&idt=238&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=928&ady=1931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=esnENfFM5f&p=https%3A//behindmlm.com&dtd=242

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 15:00:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 15:43:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 8529 2 KB
936 B 88ms
41ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 661
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:32:48 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame 8529 23 KB
10 KB 64ms
18ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 640
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:33:09 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 8529 3 KB
1 KB 71ms
40ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1074
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:25:55 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8529 140 KB
44 KB 118ms
71ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 8529 17 KB
8 KB 66ms
21ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:37:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:37:40 GMT

GET
H2 200 16838d5bcb4c763c91f5404f5ca97705.js Show response
www.gstatic.com/mysidia/ Frame 8529 33 KB
14 KB 65ms
19ms Script
text/javascript 2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/16838d5bcb4c763c91f5404f5ca97705.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b23044262887fc2d7651deb7749b1d5b9dd942922da55a84fec5dfb38e024f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 03:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 475726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13605
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 03:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 03:35:03 GMT

GET
H3

200

B26984702.331762716;dc_pre=CNnX4erZy_kCFYMxDAodcisKBw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4100748689;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/ Frame 8529
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4100748689;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;...
https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CNnX4erZy_kCFYMxDAodcisKBw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4100748689;dc_lat=;dc_rdid=;tag_fo...

42 B
65 B

82ms
43ms

Fetch
image/gif

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CNnX4erZy_kCFYMxDAodcisKBw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4100748689;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

Server

142.250.80.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:49 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CNnX4erZy_kCFYMxDAodcisKBw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4100748689;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8529 0
0 90ms
89ms Fetch
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CvyW8Nbv7YubiCpasqMwPjOe3mAaopebra_2dlq-dEIW_oJiRDhABIOis8Apg_eiigfADoAGh08HvA8gBCakCd0mn4O78qT6oAwHIA8sEqgSVAk_Q_B0ggqgJY7DmjyhF-ZB1b8RpPPjn8tx7B7f3dJ_nhUyL8abFoXwHmiKV_ceknfyYVqmWZmGrYef5IK3E0f6iCMvvIxX3Ob5zSX4KG0Y2u4q8MCHzZ-FFfbmIZ6n9lQimOuPKnCA2P2nwf6zIegBOjFvLE1Q22tqyQF21JsxHRQS2sPmnVTOQvwqqYdaX_UJPf8BU0tIr5h-90cPyAPNlAPYIzi3mHrNITPBCHJfm32LT62Urq6xX3tw2-qaImXyGbIrVyk5cv9TXHjCvGoM8OWRQjR7CbMRLaOqykgJLYjGisaGW6OCxKtTNJtYTd1D0ZTvnrGHfALRlTNZniiwjKjtM-BKdw_XwfcVq6SRi4FZ33oXABP3e-LL2A5IFBAgEGAGSBQQIBRgEoAYugAe265-PAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEMzhENIIDwiAYRABGB8yAooCOgKAQIAKAcgLAdgTDYgUAdAVAYAXAbIXHAoaCAASFHB1Yi0xOTg5MDc2NzgyNTE3NDU5GAA&sigh=3Gjl4Yc_SkA&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=600&slotname=1881792926&adk=1979354014&adf=3010266236&pi=t.ma~as.1881792926&w=300&lmt=1660664629&psa=0&format=300x600&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628897&bpp=1&bdt=308&idt=238&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=928&ady=1931&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=esnENfFM5f&p=https%3A//behindmlm.com&dtd=242
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 3F0B 8 KB
966 B 62ms
37ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=86&slotname=9133322012&adk=1611337112&adf=3303733187&pi=t.ma~as.9133322012&w=728&lmt=1660664629&psa=0&format=728x86&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628889&bpp=2&bdt=300&idt=206&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=550&ady=35&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=axFL7ab6Ui&p=https%3A//behindmlm.com&dtd=212

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 15:00:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 15:43:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 3F0B 2 KB
983 B 63ms
40ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 661
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:32:48 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame 3F0B 23 KB
10 KB 57ms
36ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 640
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:33:09 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 3F0B 3 KB
1 KB 33ms
32ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1074
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:25:55 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F0B 140 KB
43 KB 144ms
122ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1b0541f82f31cab4d9c95f9e0ed760d579580a0dde81bfa342effb6c8b677d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660562816195624"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame 3F0B 17 KB
7 KB 44ms
24ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:37:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:37:40 GMT

GET
H2 200 16838d5bcb4c763c91f5404f5ca97705.js Show response
www.gstatic.com/mysidia/ Frame 3F0B 33 KB
13 KB 24ms
23ms Script
text/javascript 2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/16838d5bcb4c763c91f5404f5ca97705.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b23044262887fc2d7651deb7749b1d5b9dd942922da55a84fec5dfb38e024f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 03:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 475726
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13605
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 03:14:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 03:35:03 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14198907861150186655/ Frame 8529 16 KB
16 KB 60ms
42ms Image
image/jpeg 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14198907861150186655/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45cc293005a29516cb4b17adbd8fa0248621e7fecf7a6d47f10a7ae5f5772d45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 11:06:08 GMT
x-content-type-options: nosniff
age: 16661
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16448
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 17:42:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 16 Aug 2023 11:06:08 GMT

GET
DATA 200
OK truncated
/ Frame 8529 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 8529 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3F0B 0
0 89ms
88ms Fetch
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CpxZFNbv7YtuhCsuqqMwPs8qmkAn76pzxaqDf-sSTD9rZHhABIOis8Apg_eiigfADoAGf08b9A8gBAagDAcgDywSqBI8CT9APiAIb5LYnOK9Zk4hpV4SVfFC1WQwZmLYXOqUvRp3VMbYdPB8kxdnILE88C9FxE2HLwIXj9G92BEonuXcwGYB1WUQygSOMGI6A7ID9Nh9p_vn-Nqb2TNHRkP2dlepyj5b1AgmVOLzb7Wa7b9bWH6zBqZOt4IKwLX_9q2e_eGHQ7F1tWhLjnBJ_DV-2pgw-H5n1dx6A923PjVI3oYY-ZCg2byjFAYggjCnkUh_GMUX-Iir8tKGLBVRg2l41TjmCIpmB4en7H3g11zCEF76xLrTSPRF2Y0rsND8TOV4ufOA1QeI_N50cQL36JPHSkuqRYylU-HeCEiUd60GMx8PMIJhzJKemjF5WwEgL0U2T3MAE6tCW_60DkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGAB8msuQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCwgRzSCA8IgGEQARgfMgKKAjoCgECACgHICwHYEw2IFAXQFQGYFgGAFwGyFxwKGggAEhRwdWItMTk4OTA3Njc4MjUxNzQ1ORgA&sigh=NdeWBUH5mbA&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=86&slotname=9133322012&adk=1611337112&adf=3303733187&pi=t.ma~as.9133322012&w=728&lmt=1660664629&psa=0&format=728x86&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628889&bpp=2&bdt=300&idt=206&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=550&ady=35&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=axFL7ab6Ui&p=https%3A//behindmlm.com&dtd=212
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
69 B 47ms
46ms Image
image/gif 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=0.5987418809208467

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-3xfxQh5M7IcM4d-S9Esvng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-3xfxQh5M7IcM4d-S9Esvng' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-3xfxQh5M7IcM4d-S9Esvng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-3xfxQh5M7IcM4d-S9Esvng' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingDetectionHttp"
x-frame-options: SAMEORIGIN
date: Tue, 16 Aug 2022 15:43:49 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingDetectionHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingDetectionHttp/external"}]}
content-type: image/gif
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
69 B 49ms
47ms Image
image/gif 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=8.225163887211409

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/mlm-reviews/safir-international-review-zeniq-coin-ponzi-reboot-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Nca73y7XuEbu8Wv64IJvwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-Nca73y7XuEbu8Wv64IJvwQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingDetectionHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingDetectionHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingDetectionHttp/external"}]}
content-type: image/gif
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-Nca73y7XuEbu8Wv64IJvwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-Nca73y7XuEbu8Wv64IJvwQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5329 143 B
163 B 19ms
19ms Document
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=86&slotname=9133322012&adk=1611337112&adf=3303733187&pi=t.ma~as.9133322012&w=728&lmt=1660664629&psa=0&format=728x86&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628889&bpp=2&bdt=300&idt=206&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=550&ady=35&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=axFL7ab6Ui&p=https%3A//behindmlm.com&dtd=212
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 15:11:47 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5329
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

75ms
75ms

Document
text/html

2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 15:43:49 GMT
expires: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 15:43:49 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 86ms
46ms XHR
text/html 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XE5kAEzCQTXuW1bgnsLpNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-XE5kAEzCQTXuW1bgnsLpNA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://behindmlm.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-XE5kAEzCQTXuW1bgnsLpNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-XE5kAEzCQTXuW1bgnsLpNA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 8529 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c45e80d9ef1c9abf9b8acd9e6e45edd6aa269e246b149af86056c76686e0a44c

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 8529 28 KB
28 KB 65ms
19ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 20:34:36 GMT
x-content-type-options: nosniff
age: 500953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 20:34:36 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame BB57 6 KB
672 B 76ms
35ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=1275649579&adk=1506438776&adf=3361096615&pi=t.ma~as.1275649579&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628894&bpp=1&bdt=305&idt=213&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=eIOKK55Jre&p=https%3A//behindmlm.com&dtd=217

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 15:41:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 15:43:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame BB57 2 KB
902 B 97ms
53ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 661
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:32:48 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame BB57 23 KB
9 KB 68ms
24ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 640
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:33:09 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame BB57 3 KB
1 KB 52ms
20ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1074
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:25:55 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BB57 140 KB
43 KB 85ms
44ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 15:43:49 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame BB57 17 KB
7 KB 63ms
20ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:37:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:37:40 GMT

GET
H3 200 8b4497fa63e027c9bb788e6248932fc0.js Show response
www.gstatic.com/mysidia/ Frame BB57 32 KB
13 KB 62ms
20ms Script
text/javascript 2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8b4497fa63e027c9bb788e6248932fc0.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d151abaa7946d205cc769fd84d0acaeec4b759872dc714b237435f10ece11d35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 10:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 452240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13370
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 23:02:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 10:06:29 GMT

GET
DATA 200
OK truncated
/ Frame 3F0B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6b95fdcfb0e90c360a90be53a6f6acc2e6b512b0100f5a6fab907643bd7f95a8

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

B26984702.331762716;dc_pre=CLDg7urZy_kCFcIBcQodD90FTA;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4009363547;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/ Frame BB57
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4009363547;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;...
https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CLDg7urZy_kCFcIBcQodD90FTA;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4009363547;dc_lat=;dc_rdid=;tag_fo...

42 B
63 B

48ms
48ms

Fetch
image/gif

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CLDg7urZy_kCFcIBcQodD90FTA;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4009363547;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

Server

142.250.80.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:49 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CLDg7urZy_kCFcIBcQodD90FTA;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=4009363547;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame BB57 0
0 122ms
122ms Fetch
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CrDEaNbv7YtGdCpeTqMwPjZGo0A2opebra_2dlq-dEIW_oJiRDhABIOis8Apg_eiigfADoAGh08HvA8gBCakCbqsBtAYAqj6oAwHIA8sEqgSVAk_QMK0piip7ln3CIPoT0RebKykArPYh8v5zI5x4A6D2KIG52lf9an-8wD28urmNGVbpx2fn6rbiYRV3FtRwASdqSETmSinjNb8GATNC_cnsTrlibEQzNmHQO3832yX-EBMLY9rCpdJkC0ZADZ1h-M2U2Ay05YsfFeVo1V2nTd2KXUtmxKuIX4LN7WygqweLQkJWwyFrLaCIBE_KWoAtz9JWPXimq7-6N0LryH73XtjyQWzWUyIjj_-Lt6rgUC6HVQklK1iCXuONSTxwQYPfbnHxi2tS_bXrSxsUYDm4c-jHgYDSNGj82JQJkgSRntOqVDuiXVR1fMrUYX-nD_9SX5PrNCGG6qm2tiOyA5cbMw3BYkjx0HzABP3e-LL2A5IFBAgEGAGSBQQIBRgEoAYugAe265-PAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEIedItIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEw2IFAHQFQGAFwGyFxwKGggAEhRwdWItMTk4OTA3Njc4MjUxNzQ1ORgA&sigh=-pdJrPTKgyI&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=1275649579&adk=1506438776&adf=3361096615&pi=t.ma~as.1275649579&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628894&bpp=1&bdt=305&idt=213&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=618&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=eIOKK55Jre&p=https%3A//behindmlm.com&dtd=217
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Aug 2022 15:43:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 3F0B 28 KB
28 KB 46ms
38ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 20:34:36 GMT
x-content-type-options: nosniff
age: 500953
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 20:34:36 GMT

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/14198907861150186655/ Frame BB57 50 KB
50 KB 56ms
29ms Image
image/jpeg 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14198907861150186655/2076313506083323656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b159bc1bdac7fddc83b6fdd1b1b72657d55677b36a548f9d242bf6eea420dc30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 09:36:58 GMT
x-content-type-options: nosniff
age: 22011
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50693
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 17:43:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 16 Aug 2023 09:36:58 GMT

GET
DATA 200
OK truncated
/ Frame BB57 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8ef8e5c706cf73e96dbba91218a8ed411e88710d37f93337d5be681ee5b929f

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame FC9C 36 KB
14 KB 44ms
43ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 18:05:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 337112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 12 Aug 2023 18:05:18 GMT

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 4A69 36 KB
14 KB 24ms
20ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 18:05:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 337112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 12 Aug 2023 18:05:18 GMT

GET
DATA 200
OK truncated
/ Frame BB57 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c7d9d04d7417deff286a7567eae9a9e7a88f2d52390b9730631389a9e02f729

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BB57 15 KB
15 KB 64ms
21ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 19:35:49 GMT
x-content-type-options: nosniff
age: 504481
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 19:35:49 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BB57 15 KB
16 KB 62ms
22ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 19:31:57 GMT
x-content-type-options: nosniff
age: 504713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 19:31:57 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BB57 15 KB
15 KB 66ms
29ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 19:33:19 GMT
x-content-type-options: nosniff
age: 504631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 19:33:19 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DDD8 6 KB
672 B 36ms
35ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=8166812162&adk=3642231523&adf=843655857&pi=t.ma~as.8166812162&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628895&bpp=2&bdt=306&idt=231&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=1325&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=hlkd3XBQxD&p=https%3A//behindmlm.com&dtd=238

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 15:00:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 15:43:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 15:43:50 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame DDD8 2 KB
902 B 21ms
20ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:32:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 662
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:32:48 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame DDD8 23 KB
9 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 641
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:33:09 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame DDD8 3 KB
1 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1075
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:25:55 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DDD8 140 KB
43 KB 59ms
58ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 15:43:50 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame DDD8 17 KB
7 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:37:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 15:37:40 GMT

GET
H3 200 8b4497fa63e027c9bb788e6248932fc0.js Show response
www.gstatic.com/mysidia/ Frame DDD8 32 KB
13 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8b4497fa63e027c9bb788e6248932fc0.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d151abaa7946d205cc769fd84d0acaeec4b759872dc714b237435f10ece11d35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 10:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 452241
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13370
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 23:02:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 10:06:29 GMT

GET
H3

200

B26984702.331762716;dc_pre=CPvNgevZy_kCFUq6nwodSngMWw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=1750658936;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/ Frame DDD8
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=1750658936;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;...
https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CPvNgevZy_kCFUq6nwodSngMWw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=1750658936;dc_lat=;dc_rdid=;tag_fo...

42 B
63 B

57ms
54ms

Fetch
image/gif

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CPvNgevZy_kCFUq6nwodSngMWw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=1750658936;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Protocol

Server

142.250.80.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:50 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N5409.Google_Canada_EN/B26984702.331762716;dc_pre=CPvNgevZy_kCFUq6nwodSngMWw;dc_trk_aid=525621454;dc_trk_cid=163869937;ord=1750658936;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DDD8 0
0 101ms
101ms Fetch
text/html 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CM2DvNbv7Yrm5CsHFo9kPlbux2AGopebra_2dlq-dEIW_oJiRDhABIOis8Apg_eiigfADoAGh08HvA8gBCakCd0mn4O78qT6oAwHIA8sEqgSVAk_Q0jaZZv1vXm2A7mUxcW2BsQ_V0L2ZdqLU-KT3PVBaBSWtiVjIS-WlOn3zusq9xYsJbCKnOmNnkOuLXSVuoEjVcIT87grqGoNPaLnLP-h-WV9N1dZ9H7dGy1EEyXzwCp6ygP4HsGm_vAIrFSHU7VN5IV-N9U-PqABvVp0WMh9X6nIDa0dy9wLcScUceOhdCwJhZgWcLjoon59S0bILtCSGEwFQBPc-58M6U3qAlsC6yE8UtlVmPesL7y3j8I1gOJvlMMtoxsdkINatIMJZu31DMXO0gUL4jI5moFwNGDsT6RTfMwOisYC553KX1UdS79DfHoevuWuzHx35HUD4Te9N_DJb2O_bjFXqXyXHppqjpbQ6D9PABP3e-LL2A5IFBAgEGAGSBQQIBRgEoAYugAe265-PAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEOOeF9IIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEw2IFAHQFQGAFwGyFxwKGggAEhRwdWItMTk4OTA3Njc4MjUxNzQ1ORgA&sigh=D6XjBIes9es&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1989076782517459&output=html&h=280&slotname=8166812162&adk=3642231523&adf=843655857&pi=t.ma~as.8166812162&w=336&lmt=1660664629&psa=0&format=336x280&url=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660664628895&bpp=2&bdt=306&idt=231&shv=r20220811&mjsv=m202208110101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x86%2C336x280&nras=1&correlator=1174585182207&frm=20&pv=1&ga_vid=1615710292.1660664629&ga_sid=1660664629&ga_hid=1028848542&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=910&ady=1325&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31068937&oid=2&pvsid=2415633600784731&tmod=586662795&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=hlkd3XBQxD&p=https%3A//behindmlm.com&dtd=238
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Aug 2022 15:43:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/14198907861150186655/ Frame DDD8 50 KB
50 KB 20ms
20ms Image
image/jpeg 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14198907861150186655/2076313506083323656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b159bc1bdac7fddc83b6fdd1b1b72657d55677b36a548f9d242bf6eea420dc30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 09:36:58 GMT
x-content-type-options: nosniff
age: 22012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50693
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 17:43:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 16 Aug 2023 09:36:58 GMT

GET
DATA 200
OK truncated
/ Frame DDD8 219 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8ef8e5c706cf73e96dbba91218a8ed411e88710d37f93337d5be681ee5b929f

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame F242 36 KB
14 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 18:05:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 337112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 12 Aug 2023 18:05:18 GMT

GET
DATA 200
OK truncated
/ Frame DDD8 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb487ee954b0658f6522225685b5a71e11b5901228d76f2fc5f824d35f5614df

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DDD8 15 KB
15 KB 38ms
30ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 19:35:49 GMT
x-content-type-options: nosniff
age: 504481
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 19:35:49 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DDD8 15 KB
16 KB 43ms
32ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 19:31:57 GMT
x-content-type-options: nosniff
age: 504713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 19:31:57 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DDD8 15 KB
15 KB 38ms
33ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 19:33:19 GMT
x-content-type-options: nosniff
age: 504631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 19:33:19 GMT

GET
H2 200 like.php Show response
www.facebook.com/v14.0/plugins/ Frame A09D 48 KB
18 KB 441ms
389ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17c9c757ffc98%26domain%3Dbehindmlm.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbehindmlm.com%252Ff253aa08ab1ecac%26relation%3Dparent.parent&container_width=530&href=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&layout=button_count&locale=en_GB&sdk=joey&share=false&size=small&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js?hash=407ebba280503ebccf3da41f8653408a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

844e8ae3ecd7573dd33592796be075c9afa53d560bacee8bf5de2b97cb7479b7

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Tue, 16 Aug 2022 15:43:50 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v14.0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: QwPnAFiEZ8sVUs5iWrW8U9+v3dM/yMPTwxGqYlgsnvPKivGdMkARqVD2IFZCAUSS2bUoy4cGRbNomQl1pIgfuw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 89ms
41ms XHR
application/json 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220811&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f2c7877e7a0eb675c399483b1d8a662407c01883e5199d9293e832f3cc49465

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 15:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10977
x-xss-protection: 0

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame BC55 36 KB
14 KB 30ms
20ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 18:05:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 337112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 12 Aug 2023 18:05:18 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 43ms
43ms Script
text/javascript 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208110101/show_ads_impl_fy2021.js?bust=31068937

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 15:43:50 GMT

GET
H3 200 compban.html Show response
fundingchoicesmessages.google.com/f/AGSKWxU30GDquujbC6O54DQL6TKxGFNLM9JEJ-nwCK_zDj1iwSVaJL0wyyRhPcrIgr76Fau2gAre7OWRfcXR4_IgRDb8srByIui3Qwx2MKUpkddNPQq71nXCJ9yuJ8-IXAwuCc1ViZe2TJlXXludBR_iMwztgwcTg... 54 B
110 B 50ms
49ms Script
application/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU30GDquujbC6O54DQL6TKxGFNLM9JEJ-nwCK_zDj1iwSVaJL0wyyRhPcrIgr76Fau2gAre7OWRfcXR4_IgRDb8srByIui3Qwx2MKUpkddNPQq71nXCJ9yuJ8-IXAwuCc1ViZe2TJlXXludBR_iMwztgwcTg_D1QmfEXPbN2hyfG0x1roqet8KSBtOc/_/pop_under./img-ads./vice-ads./compban.html?/ads/view.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.4wI5rbfYPJs.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxL9AJKm6GuDXowUKN2xnwRH1fXoQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

700161bf61f75aa7cf238738d9f8b700965df060bda8487cffaf8e02536effba

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-d39kaRv_dpT291OpeEtB2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-d39kaRv_dpT291OpeEtB2g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-d39kaRv_dpT291OpeEtB2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-d39kaRv_dpT291OpeEtB2g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 150 B
175 B 26ms
24ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.4wI5rbfYPJs.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMxL9AJKm6GuDXowUKN2xnwRH1fXoQ/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40b236f82ab80f86a107f3f515f08efd59e273ef9120c58ef6f1f92c5a59676f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 14:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3232
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 149
x-xss-protection: 0
server: cafe
etag: 8503686451332090603
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 15:49:58 GMT

POST
H3 204 AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 47ms
46ms XHR
text/html 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-obzXuEFlff_64ArldgtBDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-obzXuEFlff_64ArldgtBDw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://behindmlm.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-obzXuEFlff_64ArldgtBDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-obzXuEFlff_64ArldgtBDw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 52ms
50ms XHR
text/html 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-U0x3QAaD2RstkNC9AjQNRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-U0x3QAaD2RstkNC9AjQNRw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://behindmlm.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-U0x3QAaD2RstkNC9AjQNRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-U0x3QAaD2RstkNC9AjQNRw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 54EC 13 KB
5 KB 22ms
20ms Document
text/html 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 2894
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 14:55:36 GMT
expires: Wed, 16 Aug 2023 14:55:36 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B5B9 783 B
535 B 46ms
45ms Document
text/html 2607:f8b0:4006:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2004 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

94520b570dd00997df2136571b5b5dd4f1492f1e4d98be847918d34bdec62dfb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-q1y-RDep3wwazW8VqoI_mQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-q1y-RDep3wwazW8VqoI_mQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 15:43:50 GMT
expires: Tue, 16 Aug 2022 15:43:50 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 47ms
46ms XHR
text/html 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-iNCUf_2p4fO5qsX_0oU8bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-iNCUf_2p4fO5qsX_0oU8bQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://behindmlm.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-iNCUf_2p4fO5qsX_0oU8bQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-iNCUf_2p4fO5qsX_0oU8bQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 56ms
56ms XHR
text/html 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWZzT4mnVNADHoYMHNpF1wK_QRAcihS6Qfkh81omQAHTFZldHwoAwwR6WydLnaiwawKDZz57k97nVYO-Z-uLZcNQGGXrkmX1eVS_w2uvHbENgsUubXSX_3vh4qdW7Ecg-s0vaPbEg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YJTXIEAYi0HFek5wNBLn5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-YJTXIEAYi0HFek5wNBLn5Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://behindmlm.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-YJTXIEAYi0HFek5wNBLn5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-YJTXIEAYi0HFek5wNBLn5Q' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxVqjkK-R1fC08Ht44Di3lKs2XX-6RCBdZCwdKJufoik-rgum8YxjB8PqGj_B3vvgUYk1krbSWOhpp2viAv1z_7XiYPHoJccx3HK9U73BmVFmHvUmAf19NiBs50SY256S_tZ3c9UKg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 61ms
60ms Script
application/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVqjkK-R1fC08Ht44Di3lKs2XX-6RCBdZCwdKJufoik-rgum8YxjB8PqGj_B3vvgUYk1krbSWOhpp2viAv1z_7XiYPHoJccx3HK9U73BmVFmHvUmAf19NiBs50SY256S_tZ3c9UKg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYwNjY0NjMwLDU4NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9iZWhpbmRtbG0uY29tL21sbS1yZXZpZXdzL3NhZmlyLWludGVybmF0aW9uYWwtcmV2aWV3LXplbmlxLWNvaW4tcG9uemktcmVib290LXNjaGVtZS8iLG51bGwsW11d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

08bc770369e60331e1a9e11ab1683984c43953ba148199d051536557f75acf62

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-EGJdBxoAXJt1JG8usRUw9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-EGJdBxoAXJt1JG8usRUw9g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: script-src 'report-sample' 'nonce-EGJdBxoAXJt1JG8usRUw9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-EGJdBxoAXJt1JG8usRUw9g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Tue, 16 Aug 2022 15:43:50 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 54EC 36 KB
14 KB 29ms
29ms Script
text/javascript 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 18:05:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 337112
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 12 Aug 2023 18:05:18 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B5B9 0
0 86ms
79ms Image
text/html 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220811&jk=2415633600784731&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

POST
H3 204 AGSKWxWIja6K5iEtnkfF-TemnC2pBXviFDR66RR0UDRj12Q0BaTmw6BTNPryjx4gCii2XD2aqk06Y04OTvYsjodFdAQT4g-5JDXk2h4fedNwOqIBXn2tm6INFOz3tHWDSQOOnHfuVJkxVQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 50ms
48ms XHR
text/html 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWIja6K5iEtnkfF-TemnC2pBXviFDR66RR0UDRj12Q0BaTmw6BTNPryjx4gCii2XD2aqk06Y04OTvYsjodFdAQT4g-5JDXk2h4fedNwOqIBXn2tm6INFOz3tHWDSQOOnHfuVJkxVQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zsllnYDykdxqFsZBy2N0Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-zsllnYDykdxqFsZBy2N0Qw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://behindmlm.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-zsllnYDykdxqFsZBy2N0Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-zsllnYDykdxqFsZBy2N0Qw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWIja6K5iEtnkfF-TemnC2pBXviFDR66RR0UDRj12Q0BaTmw6BTNPryjx4gCii2XD2aqk06Y04OTvYsjodFdAQT4g-5JDXk2h4fedNwOqIBXn2tm6INFOz3tHWDSQOOnHfuVJkxVQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 46ms
45ms XHR
text/html 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWIja6K5iEtnkfF-TemnC2pBXviFDR66RR0UDRj12Q0BaTmw6BTNPryjx4gCii2XD2aqk06Y04OTvYsjodFdAQT4g-5JDXk2h4fedNwOqIBXn2tm6INFOz3tHWDSQOOnHfuVJkxVQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::200e New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3ocYqlik3tYmMMJfpaak4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-3ocYqlik3tYmMMJfpaak4w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://behindmlm.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://behindmlm.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-3ocYqlik3tYmMMJfpaak4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-3ocYqlik3tYmMMJfpaak4w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 54EC 0
10 B 21ms
19ms Image
text/plain 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-ruduw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:823::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame A09D 299 B
727 B 58ms
18ms Image
image/png 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17c9c757ffc98%26domain%3Dbehindmlm.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbehindmlm.com%252Ff253aa08ab1ecac%26relation%3Dparent.parent&container_width=530&href=https%3A%2F%2Fbehindmlm.com%2Fmlm-reviews%2Fsafir-international-review-zeniq-coin-ponzi-reboot-scheme%2F&layout=button_count&locale=en_GB&sdk=joey&share=false&size=small&width=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: ATVXy5enj9dy8rZfscEPL/VSGmga2JEBRlIrWe4/axQl2+gVIS3ReU9M9C+yJWqOAYPB+4e1rxBkbQkRE9bMfQ==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 16 Aug 2023 14:23:59 GMT

GET
H2 200 ZTXt2HMksce.js Show response
static.xx.fbcdn.net/rsrc.php/v3i7244/y1/l/en_GB/ Frame A09D 535 KB
139 KB 19ms
19ms XHR
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3i7244/y1/l/en_GB/ZTXt2HMksce.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a1aa516ef1a3562c756692f8098cafb693bb9e74dcae0663ec78a8003c38e125

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 15:43:50 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: hIVTay/8jV/M1wj/spG0mw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 142417
x-fb-rlafr: 0
x-fb-debug: fUkXrf59uPRyyXQ1F1dGKI58+CIEM/QrWY49IQV/Vd5MRJP/+b84JOt3+9vMdiMILHTbqzpMHh13jUQhq9C8lQ==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 12 Aug 2023 00:42:22 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3F0B 42 B
64 B 46ms
46ms Fetch
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst8IDWoZ5ZsF0MScqYB3V-PjNWXQZ0okWxZeZxbLGT_rmxoc95i893xxyTHH95BLBG2w2ajEwOSpATayoN6aeBnDtgFb_HLMWi8kMnIcyJKk15b9MHYQbYB7xNrFiPkUyYCB7A0IbClYA&sai=AMfl-YQeh0Y7fDqajfuZar0YFg4vvZAkWNtlMVUZgT6Ay1qxjbU_95stltPfhbCAaYJJkPwZ2Drl4MnO0MrN&sig=Cg0ArKJSzM_5eTgmCdIcEAE&id=lidar2&mcvt=1000&p=0,0,86,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220815&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1611337112&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660664629102&rpt=885&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BB57 42 B
64 B 37ms
36ms Fetch
image/gif 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvm0gNizIaRaqRyz3NIcP3hzPxvlx6Lm6lNwkyvJzRIOO217FqawebHXZBA1LcWeOXyMLszpiEymho2pzvNaLZ5BL7sS0Why8qLNw3VopoSflHYBsgS651JoBF806cb9lTTXsufKhrAcw&sai=AMfl-YTiu3w5nC2sbocmnmECMoSQO27AzBkXBHmdXsGc33uQyvrdrnDxbzx2M1Yo2BOjhEUcXmecKeqMLhlA&sig=Cg0ArKJSzHgCgyp5TOtzEAE&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1506438776&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660664629112&rpt=1102&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 15:43:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 84ms
84ms Image
text/html 2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220811&jk=2415633600784731&bg=!lpWlldHNAAa4hXTbmIU7ACkAdvg8Wuwn9YCI5cc8LsXWNB4q05G25HmOjkKiXWiU6-MoINZdkcn4egIAAABrUgAAAAJoAQeZAt5Z_uG4fyWWvewQnJXZAAyzsMjpFO67aGS9wZ3hQ3HTpW1_3lbCnEIihy7hX6u4cDbth4pVZYEOY7yX19mAaVMq9s7RDRs4ikYUh7aML1YQ959JRnh9LIE0oG3E99K-v6e-h65uy_zHW45dJV-rcajR_F6UwWbYFvx3ZzyaLEMHp_BmaEbcppNO_AJVIHIYEt5W_X4zy7ukXOhrl4qfsHeQfBXvqPmxA570DNCzi9DW2QDZ0bgfM45bcv9YehN8HVxfmTftNLFxLzwiT_-f9Lb59dM3avFIPw5_mlyqDcYg8CYP639Zu9v1RNoNycyxYvVKTszju4oN8y4voYFM6zky0L2jO-MGdMUGS3ZS1mRzkv7LxMLENd6Wb4LsfMCRdU0rWOcQKtIN4Pxk3i6MuNz8WiM3F5sXocgFYM3yLAn-PU2R3-LY9JWsjLF6zX9tvvt8jwBKZxw5ZN9XArql6TQyWmbQjodSi7D0VjYgKYmN7dguKR-Vy4ThTxYtNWi9-kDMh2xJQDXmo5DEddAY3JSyNKrYNOlP8fBCRBBrn26X7O_S-36fMkZW_8HOpgVefBti3Gqt93ORk0rW641H59u1NVHpbSlq7g22WSBG_g1idWPvz-Opl18QVZMW3eubmfpWSMDaTarJ0cyoLfyk3LzlUyiUweFIBGeHDnreAr0e6CENtjRiF5tlLZBpBisa6ZqRqe0WwtZkx_rOFWwHvogX8asLRxCkGdziuG5oIhbaPEOsnw8nfWWiMw5KbQY2UdpBU9SH-QcDtXsfQzcMQVU_FzmBUQDhX_2mHyrze3lU1hZTccmqQdZa_KObJeLXHjZ4AmfiqhS2ykkHt5oprLx_IxgmZh87x_s5ekGD0RpvPS2UnyuyrZJ_Sd1uuPdBtLw6PdYQX6K1CZjiJzWh4lxF9Zk51rwpuKYCLarA43pCN3n3AnAxyZblDiJoKVkgbdeMYPna6TsIrQu7bCO0pw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://behindmlm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-20 09:41:15	Name: NID Value: 511=hQkyB5qISQe25-gYCoplZe4gzFLOBgXArqNPHnu4ffr1qKe-QW8pW6Ej-Io4iTk_i6AcX6pfeq7zA566WHOdj7lwQJhosDCzOYcJfPx5FK5fibaPl9Sa5t4SPe0W06v_i9pfKMDGCtqPZ9unQ-6Uf8Kr7LqeqlRckXEXqQrmpao
.behindmlm.com/	1970-01-20 14:53:44	Name: _ga Value: GA1.2.1615710292.1660664629
.behindmlm.com/	1970-01-20 05:19:11	Name: _gid Value: GA1.2.1267212866.1660664629
.behindmlm.com/	1970-01-20 05:17:44	Name: _gat_gtag_UA_10834465_2 Value: 1
.behindmlm.com/	1970-01-20 14:39:20	Name: __gads Value: ID=053c8eb53eb4163f-227b2aaedfd500a3:T=1660664629:RT=1660664629:S=ALNI_MZm9VPt6i88oAV18MZR2JlCOr8hlg
.behindmlm.com/	1970-01-20 14:39:20	Name: __gpi Value: UID=0000072f6c6d2e53:T=1660664629:RT=1660664629:S=ALNI_MYvYbspYWTMCpbIxgMLkmj0sG9JyQ
.doubleclick.net/	1970-01-20 14:53:44	Name: IDE Value: AHWqTUlNXF95zXtMjO2s0uK6vVxEb4q_KMfsM673CvTDj5xwFVD5k_Cuv19rC2Od6tY
.doubleclick.net/	1970-01-20 05:17:48	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 05:17:45	Name: test_cookie Value: CheckForPermission
.behindmlm.com/	1970-01-20 14:03:20	Name: FCNEC Value: [["AKsRol_u1qGYxo_7pwzzIuxQU6TfzEfGAPDp5FGGAnx9EtHwyDi7OXKtTTaocHyJi2krUl5ZW2lpyCwZOQADfz_zAyJYgWBjlo0S5LdjNzHfBOS--qowX1q-gnvYdpK1H_-0CInjJ4irSc3gk9Ac42Q2u3lIflz3JA=="],null,[]]

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.google.com/sorry/index?continue=https://cse.google.com/cse.js%3Fcx%3Dpartner-pub-1989076782517459:6677894630&q=EhAmB1MAAGB4ZwAAAAAAAAARGLT27pcGIhAoBu9mCmZe-jZkNoer03ZXMgFy Message: Failed to load resource: the server responded with a status of 429 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.ca
adservice.google.com
behindmlm.com
connect.facebook.net
cse.google.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
platform.twitter.com
s.w.org
static.xx.fbcdn.net
stats.wp.com
syndication.twitter.com
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.244.42.8
142.250.80.70
142.251.40.162
192.0.76.3
192.0.77.48
2606:2800:220:de:468:2285:c1:4a3
2607:f8b0:4006:807::2002
2607:f8b0:4006:808::200e
2607:f8b0:4006:80c::200e
2607:f8b0:4006:80d::200a
2607:f8b0:4006:80e::2002
2607:f8b0:4006:80f::2002
2607:f8b0:4006:816::200e
2607:f8b0:4006:817::2002
2607:f8b0:4006:81c::2004
2607:f8b0:4006:81e::2003
2607:f8b0:4006:81f::2002
2607:f8b0:4006:822::2008
2607:f8b0:4006:823::2001
2607:f8b0:4006:824::2003
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:83:face:b00c:0:25de
35.190.67.83
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
08bc770369e60331e1a9e11ab1683984c43953ba148199d051536557f75acf62
0db6bdf01b228550ac4140ddda661ed2cfdfacaca5fd3ba5374336df930951f9
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
2c7d9d04d7417deff286a7567eae9a9e7a88f2d52390b9730631389a9e02f729
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2efe0d8072659b087901323e1fdb18a0f57e6011cb9cb7edff6e1723fc2e8d70
32dd00604df8db3415240d450341558b6827b1e02dc0f211d8a6d9a4287c522e
33558069624c6849e3bedf4ef9ead7bf4cef2afdd7ecb64758a660fa4ae5ed8d
3d3747e48ec944ec37d7a894a77f3231734f02e97b56b755185a7d2a2ab2b3d5
40b236f82ab80f86a107f3f515f08efd59e273ef9120c58ef6f1f92c5a59676f
41478e547c5b6ad66bfcf91ead5350fa0bc247956c3ff912020327e3e9ad0d2b
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45cc293005a29516cb4b17adbd8fa0248621e7fecf7a6d47f10a7ae5f5772d45
48fdcad6248cad75d16876289b4543334d70d7aab6c06f79160034568468f813
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4ae57eb1aa5ad3a582a66d11ca5c6bb1dd4a60fa386b656ddbcb82091ed94add
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4f2c7877e7a0eb675c399483b1d8a662407c01883e5199d9293e832f3cc49465
534e29bef44e745b2e3547ce980f49cedf46c0e1bc5ff3c45f85a9a6404c174f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5c7997c079c7e7b7e9099e53835a332f993b037c07039cb4cfef65532e1aeda8
5f42aeba809537158371a7432f9c30bff2fa241655a2f69b6fdb90167fcb645b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
68cb73fb8450e9b6d99bfe07cd80d8526b28287a6e33c8b30684d5ec9c46fd24
6a4120a31e11cdeee8c948c8686d04b5a27c4e0a722936a97729e1298b9f3183
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b95fdcfb0e90c360a90be53a6f6acc2e6b512b0100f5a6fab907643bd7f95a8
6c9e9bd4e992b05389236894daba31e34cc03e95c1dcb18fdb229087df1606c6
6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf
700161bf61f75aa7cf238738d9f8b700965df060bda8487cffaf8e02536effba
75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338
7a3f9582e461eb448cf6da3c9999cb554707e7a7c02f6c7a6af3bdf14dc4b93d
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8379556e836f7b1810485827899f236030cb3bf64c9b7323fe705af58cc7b676
844e8ae3ecd7573dd33592796be075c9afa53d560bacee8bf5de2b97cb7479b7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b283e0604bed5fd52532c293e5d792be8d35ee6c7d9d4a303759dcb41567d9e
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
92d6cc26916cd66aa6baa7829955829200236292f68561c1c0fc44cbf970b28d
93b23044262887fc2d7651deb7749b1d5b9dd942922da55a84fec5dfb38e024f
93d57070891158b46857268e1f539c94d0f7ef59a2eeb0e5ae5e128e4fa26b6b
943c44a0f3dc1aba84f5fbe8465baadbb90af66cd7be9f37ca07a39260357ad2
94520b570dd00997df2136571b5b5dd4f1492f1e4d98be847918d34bdec62dfb
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9886e9c9284d915916906d857b9d2045318ae29bba7d360b2cad9758deb8a292
9912422d41d272dd5ae51858e6af68875114b8d010358e62c27757cdae03913f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1aa516ef1a3562c756692f8098cafb693bb9e74dcae0663ec78a8003c38e125
a416e8905a3d5773c47fbb2166e048301ea8746d32c526e44611dcacd0899d97
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188
a696780889eee97240f5e1fc499d49ffdf64a6d5bacb18861a0e78310c9b08bf
a9729002880774b272306f1cc58eab97d1121239e882419538e5e6548ccc260e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad72c063814c31626b8b9509a599850d3abf705366819bd37377e3311922af06
b159bc1bdac7fddc83b6fdd1b1b72657d55677b36a548f9d242bf6eea420dc30
b1b0541f82f31cab4d9c95f9e0ed760d579580a0dde81bfa342effb6c8b677d6
b1bac8367f903d5efde4f198ba2394d53f3294d1ba8c5a5edeb1f6d71582e2cf
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
badbad062f2e942c3eab0d49366f65e2ff7e705a80deeac6a2bcdbcb824d6bd8
bb487ee954b0658f6522225685b5a71e11b5901228d76f2fc5f824d35f5614df
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bfc62cb93d376fcaa619279e23ed2889779aaaa7bdf1a25dd0c42f5ed2d657b0
c227fe7d87b331c7a9adec030bc137f0d456fa6c2bf6c6661157219390d773d3
c3defaa46be5f059610a6b8b86a4fbf2ca1000c9c48fcc25423a7750dae3333b
c45e80d9ef1c9abf9b8acd9e6e45edd6aa269e246b149af86056c76686e0a44c
cbc7e6b7036a674ce0a9d58ff3d72880569810e2d50dad19d55dd5c4da321933
d151abaa7946d205cc769fd84d0acaeec4b759872dc714b237435f10ece11d35
d59bfe78466d3fa4afdd786dfc4270dfed248a5ddc54d2e79b39b303de37903f
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d8be3a402a3b2ad808402cea111ba3d286239d88e06c8e2969c84f46050dc88a
d8ef8e5c706cf73e96dbba91218a8ed411e88710d37f93337d5be681ee5b929f
dba12b9485e12b990bcc8a631cd7e3a0e7409579c76d86ec6b10d52356b98b38
dbdba159606e8249a21382fb9edcbb00bcb3e03d9d293260daef975b7c1d7666
dca782aae511ad03d0c60a2aaa50d5226a5f83e3af282389243d32f0c493e2a5
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
debd37ac7dd10010679d1ee9b2447bcfd225868e83fd937792bb397dddbb7766
e033ab6e401e91abdde173b0c9b8f85560439bf72b36bbb151dcf2cf629b9fa4
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
e5523817c03c9d1d0e9f9432147d15c0208adfec32b2ca3a22a7e6b1714b4c82
ebfe762524e5f5efd99d6ec3c7bd8c0297fcb2f81644b006dc2cb9799fdff05c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
f36873f089ceaae6f322e8b7b1e536c1e2d549bb88abacb2e010d1dad9d8d005
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3f267a609e24bff024fc690842a6d3e49e6d472ec352f1eb3e2751140e72872
f438bd946bcf76ec40f285a8f83382d9f8b26d28099f35e3db66503b41ef2620
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
febe7eb6b4d3daabd19f253830acaddb7014b75029ad8744912d45bd1627a978

behindmlm.com Open in urlscan Pro 35.190.67.83 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

144 Requests

97 %HTTPS

74 %IPv6

17 Domains

25 Subdomains

23 IPs

1 Countries

1795 kBTransfer

4778 kBSize

10 Cookies

2 Outgoing links

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

behindmlm.com Open in urlscan Pro
35.190.67.83 Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

97 %
HTTPS

74 %
IPv6

17
Domains

25
Subdomains

23
IPs

1
Countries

1795 kB
Transfer

4778 kB
Size

10
Cookies

144 HTTP transactions
9 data transactions