behindmlm.com Open in urlscan Pro
2600:1901:0:7cc:: Public Scan

Go To Rescan
Add Verdict Report

URL:
https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Submission: On May 14 via manual (May 14th 2024, 8:40:34 pm UTC) from US — Scanned from DE

Summary HTTP 72 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 23 IPs in 3 countries across 13 domains to perform 72 HTTP transactions. The main IP is 2600:1901:0:7cc::, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is behindmlm.com. The Cisco Umbrella rank of the primary domain is 835837.
TLS certificate: Issued by R3 on April 14th 2024. Valid for: 3 months.

This is the only time behindmlm.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2600:1901:0:7... 2600:1901:0:7cc::	15169 (GOOGLE) (GOOGLE)
3	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
17	35.190.67.83 35.190.67.83	15169 (GOOGLE) (GOOGLE)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
6	142.250.186.68 142.250.186.68	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::2001	15169 (GOOGLE) (GOOGLE)
3	172.217.23.99 172.217.23.99	15169 (GOOGLE) (GOOGLE)
2	142.250.185.174 142.250.185.174	15169 (GOOGLE) (GOOGLE)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
72	23

11 2600:1901:0:7cc:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

behindmlm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 35.190.67.83 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 83.67.190.35.bc.googleusercontent.com

behindmlm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.23.99 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	behindmlm.com behindmlm.com — Cisco Umbrella Rank: 835837	198 KB
20	google.com news.google.com — Cisco Umbrella Rank: 6421 cse.google.com — Cisco Umbrella Rank: 3089 www.google.com — Cisco Umbrella Rank: 2 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 646 clients1.google.com — Cisco Umbrella Rank: 479 region1.analytics.google.com — Cisco Umbrella Rank: 3095	396 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	409 KB
5	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1357 syndication.twitter.com — Cisco Umbrella Rank: 1719	31 KB
3	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103	242 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2906 pixel.wp.com — Cisco Umbrella Rank: 2883	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 183	90 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 101
1	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 44	8 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	6 KB
1	google.de www.google.de — Cisco Umbrella Rank: 7810	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 89	243 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	89 KB
72	13

	Domain	Requested by
28	behindmlm.com	behindmlm.com
6	www.google.com	behindmlm.com cse.google.com www.google.com www.gstatic.com
6	news.google.com	behindmlm.com news.google.com
4	fonts.gstatic.com	news.google.com behindmlm.com fonts.googleapis.com
4	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
4	platform.twitter.com	behindmlm.com platform.twitter.com
3	pagead2.googlesyndication.com	behindmlm.com pagead2.googlesyndication.com
2	cse.google.com	behindmlm.com www.google.com
2	connect.facebook.net	behindmlm.com connect.facebook.net
1	www.facebook.com	connect.facebook.net
1	syndication.twitter.com	behindmlm.com
1	lh3.googleusercontent.com	behindmlm.com
1	fonts.googleapis.com
1	www.google.de	behindmlm.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	clients1.google.com	behindmlm.com
1	pixel.wp.com	behindmlm.com
1	www.gstatic.com	www.google.com
1	stats.wp.com	behindmlm.com
1	www.googletagmanager.com	behindmlm.com
72	21

This site contains links to these domains. Also see Links.

Domain
feeds.feedburner.com
en.wikipedia.org

Subject Issuer	Validity	Valid
behindmlm.com R3	`2024-04-14` - `2024-07-13`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.news.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-22` - `2024-05-22`	3 months	crt.sh
*.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
*.gstatic.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.de WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.googleusercontent.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
syndication.twitter.com R3	`2024-04-06` - `2024-07-05`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Frame ID: 39B666B6E32E8C7057FDE3A8A53A97FE
Requests: 67 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fbehindmlm.com
Frame ID: 6CED0B10E8757C5B0EAF6043D33C9FA5
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf4n2EpAAAAAJJn5FqRP52VTFOYD77n3Onoux9b&co=aHR0cHM6Ly9iZWhpbmRtbG0uY29tOjQ0Mw..&hl=de&v=vjbW55W42X033PfTdVf6Ft4q&size=invisible&cb=d0p7xjs9nox
Frame ID: A42F8B02A2D8DF39B565A9247A4E73E4
Requests: 1 HTTP requests in this frame

Frame: https://news.google.com/swg/ui/v1/serviceiframe?_=1715719230092&sut=AdgM6%2FnHb0Po0I4LNS82O9QYtwoKN8vJAQxFcGNIbzJFYMDZpS5S%2FHbNrqfS99TdjMrlYS3xhU5NGtL2nAYgUeTlKwtEiWDKBAse10m2uNrlXG9f2w%3D%3D&publicationId=CAow4MrUCw
Frame ID: EA542F3337CE723E6DCCC7F93A2E1055
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: A60D58ED6AF232871901A283D2DFF13E
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df896410a3ce788bfb%26domain%3Dbehindmlm.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbehindmlm.com%252Ff67133e620673ef8f%26relation%3Dparent.parent&container_width=530&href=https%3A%2F%2Fbehindmlm.com%2Fcompanies%2Fcfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme%2F&layout=button_count&locale=en_GB&sdk=joey&share=false&size=small&width=
Frame ID: D868FE0A9749E107AF2C6444DEC70CDA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CFO allegedly confirmed Family First Life is a Ponzi scheme

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

72
Requests

99 %
HTTPS

64 %
IPv6

13
Domains

21
Subdomains

23
IPs

3
Countries

1471 kB
Transfer

4122 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://feeds.feedburner.com/Behindmlm
Title: RSS

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Fair_use
Title: Fair Use

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

72 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/ 80 KB
19 KB 468ms
378ms Document
text/html 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

435778bfee037a1ebe89d236fa204aa2ab579bf82f6d98a7e5bc923846b0b07d

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: max-age=600,public,must-revalidate,stale-while-revalidate=86400
content-encoding: gzip
content-length: 19654
content-type: text/html; charset=UTF-8
date: Tue, 14 May 2024 20:40:29 GMT
last-modified: Tue, 14 May 2024 20:28:20 GMT
server: Apache
vary: Accept-Encoding
via: 1.1 google
x-frame-options: sameorigin

GET
H2 200 style.css
behindmlm.com/wp-content/themes/BehindMLM2/ 14 KB
3 KB 60ms
58ms Stylesheet
text/css 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

68cb73fb8450e9b6d99bfe07cd80d8526b28287a6e33c8b30684d5ec9c46fd24

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 08:27:45 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 05 Jan 2022 06:18:53 GMT
server: Apache
age: 2117564
etag: "3727-5d4cfba600aa3-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3128

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
51 KB 143ms
59ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a07e61905af7753f5b72c7faeb1a96b97b87a612d8bb22e6e964fc98e1cbdcca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52333
x-xss-protection: 0
server: cafe
etag: 9095313948926495835
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 252 KB
89 KB 410ms
72ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SBVC6ZKEK6

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e1d668ba05666faf07965c0387fe0f340ab10aa9f5eb498b1894866dd6ccee9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90681
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H2 200 swg-basic.js Show response
news.google.com/swg/js/v1/ 252 KB
73 KB 142ms
39ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-basic.js

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c297dd0ce4816acaf52c91d3406e0cc2dd81bf7cbc7d339f9810040e36bba61d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74636
x-xss-protection: 0
last-modified: Wed, 08 May 2024 15:50:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Tue, 14 May 2024 20:59:42 GMT

GET
H2 200 style.min.css
behindmlm.com/wp-includes/css/dist/block-library/ 111 KB
15 KB 47ms
45ms Stylesheet
text/css 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/css/dist/block-library/style.min.css?ver=1d9b22a9d5693efe40dca4d0447cc934

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 01:33:46 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 04 Apr 2024 08:45:15 GMT
server: Apache
age: 587203
etag: "1bae5-615415bad4cf5-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14991

GET
H2 200 mediaelementplayer-legacy.min.css
behindmlm.com/wp-includes/js/mediaelement/ 11 KB
3 KB 56ms
55ms Stylesheet
text/css 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 08:27:45 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 09 Dec 2020 01:22:53 GMT
server: Apache
age: 2117564
etag: "2bf8-5b5fde5fbbaa8-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2592

GET
H2 200 wp-mediaelement.min.css
behindmlm.com/wp-includes/js/mediaelement/ 4 KB
1 KB 92ms
90ms Stylesheet
text/css 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=1d9b22a9d5693efe40dca4d0447cc934

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 01:33:46 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 13 Nov 2019 09:12:24 GMT
server: Apache
age: 587203
etag: "105a-59736c358c0b1-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1156

GET
H2 200 styles.css
behindmlm.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 99ms
98ms Stylesheet
text/css 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.9.4

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 11:21:09 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 08 May 2024 11:12:59 GMT
server: Apache
age: 551960
etag: "b4e-617ef629d59a4-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1015

GET
H2 200 jetpack.css
behindmlm.com/wp-content/plugins/jetpack/css/ 105 KB
19 KB 60ms
59ms Stylesheet
text/css 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/jetpack/css/jetpack.css?ver=13.4.2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

c21d34249d4a61b1d0df5209aeb7cceed64891dcb7233ce6e91771306489baf7

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 04:58:05 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Tue, 14 May 2024 02:21:44 GMT
server: Apache
age: 56544
etag: "1a512-61860a9c93128-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19376

GET
H2 200 quote-comments.js Show response
behindmlm.com/wp-content/plugins/quote-comments/ 6 KB
2 KB 93ms
92ms Script
application/javascript 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/quote-comments/quote-comments.js?ver=1.0

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

badbad062f2e942c3eab0d49366f65e2ff7e705a80deeac6a2bcdbcb824d6bd8

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 07:37:35 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Sun, 21 Nov 2021 00:51:04 GMT
server: Apache
age: 2120574
etag: "16c1-5d141e72a337a-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1691

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
4 KB 132ms
39ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5cbd29c1a71bf34e97dbc2e69050c0b91f87b42fa75aee9089f5254c5146e2fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Origin: https://behindmlm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 May 2024 20:40:29 GMT
content-md5: BGHms6c4QQakt9NqBB5NKA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1294, tbw=2811, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: fElWO/DpGYMzOSasjTwHCQAv/C/Pmqz1vpZhKmEqjfmQ/E1Qv87fQbnjzXkcCwCHkbcJDRtsE5aLQSqYlF8RZg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: df4098db34508db47d5572781c9a2080
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "4e56da215677615322d62ff7c5cbe856"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Tue, 14 May 2024 20:47:30 GMT

GET
H2 200 behindmlm-logo.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 8 KB
8 KB 93ms
92ms Image
image/gif 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/behindmlm-logo.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

ad72c063814c31626b8b9509a599850d3abf705366819bd37377e3311922af06

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 06:09:45 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 1002644
etag: "1fce-56862d02654fc"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8142

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
51 KB 167ms
84ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1989076782517459

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

6f70642d5bf7c8e444aed43f9929a3e1d8e835655383704d0e485fd7be4d5783

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Origin: https://behindmlm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52394
x-xss-protection: 0
server: cafe
etag: 4994140663036088749
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H2 200 family-first-life-logo.webp
behindmlm.com/wp-content/uploads/2021/11/ 4 KB
4 KB 380ms
380ms Image
image/webp 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2021/11/family-first-life-logo.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

6c31a7b93ec9ad88acece2007602e363fce0b9165896e38b93a3075c12ece48f

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
via: 1.1 google
last-modified: Mon, 01 Nov 2021 14:17:59 GMT
server: Apache
etag: "10fe-5cfbad80d7fe2"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4350

GET
H2 200 ryan-montalto-family-first-life.webp
behindmlm.com/wp-content/uploads/2023/06/ 20 KB
20 KB 376ms
376ms Image
image/webp 2600:1901:0:7cc::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2023/06/ryan-montalto-family-first-life.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7cc:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Apache /

Resource Hash

f22070689b13f7dc5cbb936c58acf74778b6a5c3d88b5d57bc6f976b7b356396

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
via: 1.1 google
last-modified: Fri, 23 Jun 2023 10:52:38 GMT
server: Apache
etag: "4eee-5fec9cca4b1ce"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20206

GET
H3 200 agent-recognition-matthew-smith-family-first-life-2017.webp
behindmlm.com/wp-content/uploads/2023/06/ 61 KB
61 KB 380ms
379ms Image
image/webp 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/uploads/2023/06/agent-recognition-matthew-smith-family-first-life-2017.webp

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

eef855207482fec547000c4232c2021643b8a984f7c228fee2506fd8b8551fe3

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
via: 1.1 google
last-modified: Fri, 23 Jun 2023 10:52:35 GMT
server: Apache
etag: "f284-5fec9cc77c4af"
x-frame-options: sameorigin
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62084

GET
BLOB 200
OK 726593d6-463d-47bc-ba18-774de94a7fa2
https://behindmlm.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://behindmlm.com/726593d6-463d-47bc-ba18-774de94a7fa2
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
4 KB 172ms
69ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=partner-pub-1989076782517459:6677894630

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

c1190ef19dd0b0246e258e38984b6b6ef96334940dbdeb3723a4b30d4522a60d

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-LfHfBXepydCCcdpzlVyghQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-LfHfBXepydCCcdpzlVyghQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Tue, 14 May 2024 20:40:29 GMT
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3126
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private
permissions-policy: unload=()
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H3 200 date.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 540 B
561 B 46ms
45ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/date.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

a416e8905a3d5773c47fbb2166e048301ea8746d32c526e44611dcacd0899d97

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 14:32:38 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 22071
etag: "21c-56862d026455c"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 540

GET
H3 200 folder.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 970 B
991 B 46ms
46ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/folder.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

f438bd946bcf76ec40f285a8f83382d9f8b26d28099f35e3db66503b41ef2620

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 00:45:10 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 590119
etag: "3ca-56862d02635bc"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 970

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 189ms
42ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 14 May 2024 20:40:29 GMT
Content-Encoding: gzip
Age: 889
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/6713)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H3 200 related.css
behindmlm.com/wp-content/plugins/yet-another-related-posts-plugin/style/ 307 B
200 B 44ms
42ms Stylesheet
text/css 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/yet-another-related-posts-plugin/style/related.css?ver=5.30.10

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

2efe0d8072659b087901323e1fdb18a0f57e6011cb9cb7edff6e1723fc2e8d70

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Apr 2024 14:13:10 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Sat, 17 Feb 2024 13:06:38 GMT
server: Apache
age: 2269639
etag: "133-6119387ea594d-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 177

GET
H3 200 footerlogo.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 3 KB
3 KB 48ms
46ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/footerlogo.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

cbc7e6b7036a674ce0a9d58ff3d72880569810e2d50dad19d55dd5c4da321933

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 06 May 2024 19:27:01 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 695608
etag: "c47-56862d02683dd"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3143

GET
H3 200 anti-spam.min.js Show response
behindmlm.com/wp-content/plugins/anti-spam-reloaded/js/ 923 B
454 B 58ms
56ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/anti-spam-reloaded/js/anti-spam.min.js?ver=6.4

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

febe7eb6b4d3daabd19f253830acaddb7014b75029ad8744912d45bd1627a978

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 24 Apr 2024 11:56:08 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 13 Jan 2022 04:58:21 GMT
server: Apache
age: 1759461
etag: "39b-5d56f890fc692-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 431

GET
H3 200 index.js Show response
behindmlm.com/wp-content/plugins/contact-form-7/includes/swv/js/ 11 KB
3 KB 51ms
49ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.9.4

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

46e36dd6ca93014e4915c723632bf180d27cc96ccfb7c26e69213e1a82129a62

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 14:32:38 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 08 May 2024 11:12:59 GMT
server: Apache
age: 22071
etag: "2cf9-617ef629d6945-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3354

GET
H3 200 index.js Show response
behindmlm.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 53ms
51ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.9.4

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

d702e5ed1e573918d912775ac1e88987fc177aa51efe1253a08f71ab54f96516

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 11:20:16 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 08 May 2024 11:12:59 GMT
server: Apache
age: 552013
etag: "32fe-617ef629d59a4-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4169

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
964 B 134ms
51ms Script
text/javascript 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6Lf4n2EpAAAAAJJn5FqRP52VTFOYD77n3Onoux9b&ver=3.0

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

279591ceccca5a82dda9657834418a1fffd8ed85841517256fce3bdf68d10064

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H3 200 wp-polyfill-inert.min.js Show response
behindmlm.com/wp-includes/js/dist/vendor/ 8 KB
2 KB 58ms
56ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 11:09:19 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Fri, 31 Mar 2023 07:18:44 GMT
server: Apache
age: 552670
etag: "1feb-5f82d04ff6dd1-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2484

GET
H3 200 regenerator-runtime.min.js Show response
behindmlm.com/wp-includes/js/dist/vendor/ 6 KB
2 KB 72ms
70ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 11:09:19 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Fri, 10 Nov 2023 06:49:05 GMT
server: Apache
age: 552670
etag: "19e1-609c6b76fbd54-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502

GET
H3 200 wp-polyfill.min.js Show response
behindmlm.com/wp-includes/js/dist/vendor/ 38 KB
14 KB 59ms
58ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 14:32:38 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 04 Apr 2024 08:45:15 GMT
server: Apache
age: 22071
etag: "96be-615415bab976a-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13831

GET
H3 200 index.js Show response
behindmlm.com/wp-content/plugins/contact-form-7/modules/recaptcha/ 934 B
506 B 75ms
74ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.9.4

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 11:20:17 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 08 May 2024 11:12:59 GMT
server: Apache
age: 552012
etag: "3a6-617ef629d8885-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 483

GET
H2 200 e-202420.js Show response
stats.wp.com/ 7 KB
3 KB 123ms
39ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202420.js
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/14377-1704402356563.6672
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Thu, 08 May 2025 07:55:14 GMT

GET
H3 200 bullet.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 136 B
157 B 74ms
74ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/bullet.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

bfc62cb93d376fcaa619279e23ed2889779aaaa7bdf1a25dd0c42f5ed2d657b0

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 14:32:38 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 22071
etag: "88-56862d026743d"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136

GET
H3 200 commentbutton.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 2 KB
2 KB 75ms
74ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/commentbutton.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

8b283e0604bed5fd52532c293e5d792be8d35ee6c7d9d4a303759dcb41567d9e

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 17:53:27 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 2515622
etag: "88b-56862d026455c"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2187

GET
H3 200 sidebar_h2dark.gif
behindmlm.com/wp-content/themes/BehindMLM2/images/ 2 KB
2 KB 76ms
76ms Image
image/gif 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://behindmlm.com/wp-content/themes/BehindMLM2/images/sidebar_h2dark.gif

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

d59bfe78466d3fa4afdd786dfc4270dfed248a5ddc54d2e79b39b303de37903f

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/wp-content/themes/BehindMLM2/style.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 06 May 2024 22:07:40 GMT
via: 1.1 google
last-modified: Tue, 27 Mar 2018 11:01:31 GMT
server: Apache
age: 685969
etag: "664-56862d02683dd"
x-frame-options: sameorigin
content-type: image/gif
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1636

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405080101/ 412 KB
139 KB 73ms
73ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1989076782517459&plah=behindmlm.com&aplac=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e9bd37a25b3890b681ca47c4111603709f0f6b6650a294f3c2ef593f9cbbd791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 142575
x-xss-protection: 0
server: cafe
etag: 13283103800485733711
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 299 KB
86 KB 40ms
40ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=957d21fea4ee894d7c480a5b473abd63

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

39879b684cc9659269084d368e6e20add5416e24ff4baa23e7aa21f11b6773bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Origin: https://behindmlm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 May 2024 20:40:29 GMT
content-md5: 0hY8C4XabfCfW5uSgqL4MA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87594
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=21, mss=1294, tbw=6603, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: mnmeB7RAGba7VmvouWAiCnJQdR8kuEFxqCauGUxoC4f9TjGjmGUuPKH0C3vSVXTlhArEJuxjhlNSgyjb+7Q8ZA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 2223bbd8144ac6f977bfd71842b36699
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "e0aa540474b55446b06ccb3f5c853e5d"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Wed, 14 May 2025 18:25:27 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/ 505 KB
202 KB 130ms
38ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Lf4n2EpAAAAAJJn5FqRP52VTFOYD77n3Onoux9b&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a624368de63b32a27d36d8032e5e1bfe03a5e738338493aa0dfc4938d9cd3c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Origin: https://behindmlm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 17:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 206091
x-xss-protection: 0
last-modified: Sun, 05 May 2024 20:00:16 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 14 May 2025 17:33:09 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 44ms
38ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=13065284&post=88682&tz=8&srv=behindmlm.com&j=1%3A13.4.2&host=behindmlm.com&ref=&fcp=598&rand=0.5705304600228167
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Tue, 14 May 2024 20:40:29 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

GET
H3 200 wp-emoji-release.min.js Show response
behindmlm.com/wp-includes/js/ 18 KB
5 KB 41ms
41ms Script
application/javascript 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/wp-includes/js/wp-emoji-release.min.js?ver=1d9b22a9d5693efe40dca4d0447cc934

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 05:16:53 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 04 Apr 2024 08:45:15 GMT
server: Apache
age: 573816
etag: "4926-615415bab4948-gzip"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5062

GET
H3 200 cse_element__en.js Show response
www.google.com/cse/static/element/8435450f13508ca1/ 318 KB
106 KB 50ms
50ms Script
text/javascript 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8435450f13508ca1/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=partner-pub-1989076782517459:6677894630

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

sffe /

Resource Hash

1c8cc3cef0d65c2d9912b24f27bd2f42a79d10be8e00439562a3984f90f05bdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108214
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 16:43:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H3 200 default+en.css
www.google.com/cse/static/element/8435450f13508ca1/ 41 KB
9 KB 48ms
48ms Stylesheet
text/css 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8435450f13508ca1/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=partner-pub-1989076782517459:6677894630

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

sffe /

Resource Hash

a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9068
x-xss-protection: 0
last-modified: Wed, 10 Jan 2024 16:43:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H3 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 39ms
39ms Stylesheet
text/css 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=partner-pub-1989076782517459:6677894630

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Tue, 14 May 2024 21:03:55 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 6CED 0
0 154ms
39ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fbehindmlm.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C0) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 4379987
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 14 May 2024 20:40:29 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67C0)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 40ms
39ms Other
image/svg+xml 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg-basic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2083
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Tue, 14 May 2024 20:55:46 GMT

GET
H2 200 swg-mini-prompt.css
news.google.com/swg/js/v1/ 3 KB
946 B 42ms
41ms Stylesheet
text/css 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-mini-prompt.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg-basic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c28dcb52ba694c0b6bced69ed130c0d67a1a2238b41ac036f5264037eb99414

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:37:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 855
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 21:19:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Tue, 14 May 2024 21:27:38 GMT

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 18 KB
5 KB 40ms
40ms Stylesheet
text/css 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg-basic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2935e77ba4a31d658633687964df779e6a6acd911252186240c22eafeba8bc36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:37:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5195
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 21:19:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Tue, 14 May 2024 21:27:51 GMT

GET
H2 200 article Show response
news.google.com/swg/_/api/v1/publication/CAow4MrUCw/ 1 KB
1 KB 285ms
285ms Fetch
application/json 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/CAow4MrUCw/article?locked=false

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg-basic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e952618c0e1177672e6a2175347f37a17a04edb365fb91e8f0115039dbcda51

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: text/plain, application/json
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
content-encoding: gzip
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://behindmlm.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca-pub-1989076782517459 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 166ms
75ms Script
application/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-1989076782517459?href=https%3A%2F%2Fbehindmlm.com%2Fcompanies%2Fcfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme&ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202405080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1989076782517459&plah=behindmlm.com&aplac=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b407480b454b72307d5b238a9027fade0e04a72408cdb88e9dc6261a6c6ed26c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-c16QN1Ez-2Y1qPmjY7B8LA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-c16QN1Ez-2Y1qPmjY7B8LA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtDikmJw1pBiOHnrNtNFID7vdIfpOhAbaDxnsgBiia8vmTSAOOb5dNYUIHZKn8EaBMQ-9TNYY4C49eY51qlAnPTvPGsREO9cfIH1IBCvOnKBdRMQt3--wDodiL-zX2T9D8TljhdZ64FYiIdj74z-TWwCBx683cespJGUXxifnJ9XUpSZVFqSX5SWnJZanFpUlloUb2RgZGJgamisZ2AUX2AAAB7pS-Q"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 async-ads.js Show response
cse.google.com/adsense/search/ 182 KB
72 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/8435450f13508ca1/cse_element__en.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

417d1ad83b5a0163f779b1548936b2981ae0bf8d368afe8cefa853dcb5f18732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "1918149570977169645"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Tue, 14 May 2024 20:40:29 GMT

GET
H3 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 40ms
39ms Image
image/png 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/8435450f13508ca1/default+en.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.google.com/cse/static/element/8435450f13508ca1/default+en.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 07:44:52 GMT
x-content-type-options: nosniff
age: 46537
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1018
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 14 May 2025 07:44:52 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
117 B 150ms
39ms Image
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:29 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame A42F 0
0 157ms
64ms Document
text/html 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf4n2EpAAAAAJJn5FqRP52VTFOYD77n3Onoux9b&co=aHR0cHM6Ly9iZWhpbmRtbG0uY29tOjQ0Mw..&hl=de&v=vjbW55W42X033PfTdVf6Ft4q&size=invisible&cb=d0p7xjs9nox

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7tXhP1Dn9YUYmQKkpQcpNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-7tXhP1Dn9YUYmQKkpQcpNQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 14 May 2024 20:40:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 collect
region1.analytics.google.com/g/ 0
252 B 152ms
46ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-SBVC6ZKEK6&gtm=45je45d0v9107466303za200&_p=1715719229476&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=113695699.1715719230&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1715719230&sct=1&seg=0&dl=https%3A%2F%2Fbehindmlm.com%2Fcompanies%2Fcfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme%2F&dt=CFO%20allegedly%20confirmed%20Family%20First%20Life%20is%20a%20Ponzi%20scheme&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1110
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SBVC6ZKEK6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 14 May 2024 20:40:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://behindmlm.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
243 B 155ms
48ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SBVC6ZKEK6&cid=113695699.1715719230&gtm=45je45d0v9107466303za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SBVC6ZKEK6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 14 May 2024 20:40:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://behindmlm.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 130ms
65ms Image
image/gif 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SBVC6ZKEK6&cid=113695699.1715719230&gtm=45je45d0v9107466303za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=348788454

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 14 May 2024 20:40:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxUVXDQ76W_afQcf2xf7Ljod0iF2DN2SmfdztFSE8r04CXTjY4PdOJKq_oR5XW-kVzfheVR2qSD2K9abVYroaStyh9IR-s890m-5UB4-T329acCD6i2Mh39a1FOn0Q6rbfUkdRwgbA== Show response
fundingchoicesmessages.google.com/f/ 369 KB
59 KB 126ms
125ms Script
application/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUVXDQ76W_afQcf2xf7Ljod0iF2DN2SmfdztFSE8r04CXTjY4PdOJKq_oR5XW-kVzfheVR2qSD2K9abVYroaStyh9IR-s890m-5UB4-T329acCD6i2Mh39a1FOn0Q6rbfUkdRwgbA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzE1NzE5MjMwLDc4MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbN11dLCJodHRwczovL2JlaGluZG1sbS5jb20vY29tcGFuaWVzL2Nmby1hbGxlZ2VkbHktY29uZmlybWVkLWZhbWlseS1maXJzdC1saWZlLWlzLWEtcG9uemktc2NoZW1lLyIsbnVsbCxbWzgsImZHM2hXWjE1MFlRIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIxIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.fG3hWZ150YQ.es5.O/am=BgM/d=1/rs=AJlcJMw_QTUOn2bGdjvZzMIS4vT689phAQ/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c24a6277ddeab9bc85dd52721b059ab78c12e4004a13bed7d0ddede66a693dc5

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-4aFCNrjCtLi83OBkr6WD4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:40:30 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-4aFCNrjCtLi83OBkr6WD4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmLw05BiOHHrNtMFID7vdIfpOhAbaDxnsgBiia8vmTSAOOb5dNYUIHZKn8EaBMQ-9TNYY4C49eY51qlAnPTvPGsREO9cfIH1IBCvOnKBdRMQt3--wDodiL-zX2T9D8RC3Bz7ZvRvYhN40Xo1WEkjKb8wPjk_r6QoM6m0JL8oLTkttTi1qCy1KN7IwMjEwNTQWM_AKL7AAABkJ0gI"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 serviceiframe
news.google.com/swg/ui/v1/ Frame EA54 0
0 190ms
104ms Document
text/html 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/ui/v1/serviceiframe?_=1715719230092&sut=AdgM6%2FnHb0Po0I4LNS82O9QYtwoKN8vJAQxFcGNIbzJFYMDZpS5S%2FHbNrqfS99TdjMrlYS3xhU5NGtL2nAYgUeTlKwtEiWDKBAse10m2uNrlXG9f2w%3D%3D&publicationId=CAow4MrUCw

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg-basic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-3DGDGCj9FjA6nk9yELrErg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://payments.google.com https://payments.sandbox.google.com https://sandbox.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-3DGDGCj9FjA6nk9yELrErg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://payments.google.com https://payments.sandbox.google.com https://sandbox.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-site
date: Tue, 14 May 2024 20:40:30 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
reporting-endpoints: default="/swg/_/SubscribewithgoogleClientUi/web-reports?context=eJzjytDikmJw15BicDa_xRT35xZT1OlHTE0rnzK1APG3Q8-YfgDx9uLnTBJfXzKpAbFT-gzWACD2qZ_BGgXErTfPsU4G4o0fz7NuBuKkf-dZC4C4_fMF1qlAvCroIusaIBbi5tg3o38Tm8CLh3fqlIyS8gvji0uTipOLMpNSyzNLMtLz89NzUpNzMlPzSopTi8pSi-KNDIxMDEwNjfUMDOMLDADEHEpv"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 24px.svg
fonts.gstatic.com/s/i/productlogos/googleg/v6/ 742 B
973 B 136ms
39ms Image
image/svg+xml 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.gstatic.com/s/i/productlogos/googleg/v6/24px.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg-button.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed9087d76cdc6d1c53698f6068f79872e77e87c8d012c0cfdad13b05b6ccb37c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 12:31:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 288518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 438
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 17:17:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 11 May 2025 12:31:52 GMT

GET
H/1.1 200
OK button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 40ms
40ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 14 May 2024 20:40:30 GMT
Content-Encoding: gzip
Age: 4386872
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2620
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
Server: ECS (frb/6713)
Etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 css
fonts.googleapis.com/ 109 KB
6 KB 147ms
60ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.fG3hWZ150YQ.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMyo6yJ_-XR4VdSakhBxpSXngys73Q/m=web_iab_tcf_v2_wall_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6b7dfb79b63e4202eaad4d930a87c85325776c5b800a672363283ad3dc73af1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 May 2024 20:40:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 May 2024 20:40:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 May 2024 20:40:30 GMT

GET
H2 200 8XBUlE16meJPpNaqTXMrU5Nk3fIlVjkuC7m7a4jjLLillomEwjmVss6k2NI3C8z3-Lv7bTwH-i9NAtp9_P0zlGCsCpT-lNmk-8I0RJ_Wern0o9dSPpeT=h60
lh3.googleusercontent.com/ 8 KB
8 KB 145ms
39ms Image
image/jpeg 2a00:1450:4001:81d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/8XBUlE16meJPpNaqTXMrU5Nk3fIlVjkuC7m7a4jjLLillomEwjmVss6k2NI3C8z3-Lv7bTwH-i9NAtp9_P0zlGCsCpT-lNmk-8I0RJ_Wern0o9dSPpeT=h60

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

74adb12d367e2bbbc4049389a30e440789a838cfa68912e82dabe94cc7e6bf9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 17:46:14 GMT
x-content-type-options: nosniff
age: 10456
cross-origin-resource-policy: cross-origin
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8163
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 15 May 2024 17:46:14 GMT

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 90ms
42ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Origin: https://behindmlm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 10 May 2024 22:45:56 GMT
x-content-type-options: nosniff
age: 338074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 May 2025 22:45:56 GMT

GET
H3 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/ 125 KB
125 KB 88ms
41ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Origin: https://behindmlm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 19:45:43 GMT
x-content-type-options: nosniff
age: 89687
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 May 2025 19:45:43 GMT

POST
H3 204 AGSKWxWMOULcL2YlBeLUTYO3iF2WxLHRYwTiyyx3hZpYnr3fkW2f5TKNCBC0ePHEekpLCk_NgV6ijjRuJHycDwNCkSe0xSn4ORlo-X-9mKO-Ma1qI-jdoUpdFdsk-z9oTp5NqUd4ZHHrWQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 129ms
50ms XHR
text/html 142.250.185.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWMOULcL2YlBeLUTYO3iF2WxLHRYwTiyyx3hZpYnr3fkW2f5TKNCBC0ePHEekpLCk_NgV6ijjRuJHycDwNCkSe0xSn4ORlo-X-9mKO-Ma1qI-jdoUpdFdsk-z9oTp5NqUd4ZHHrWQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2ulay4QGEHVVRfQf68Z9Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 14 May 2024 20:40:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-2ulay4QGEHVVRfQf68Z9Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmJw0JBicEqfwRoCxEI8HPtm9G9iE_hwb_82RiWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkYmBqaKxnYB5fYAAAxDkivg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://behindmlm.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWMOULcL2YlBeLUTYO3iF2WxLHRYwTiyyx3hZpYnr3fkW2f5TKNCBC0ePHEekpLCk_NgV6ijjRuJHycDwNCkSe0xSn4ORlo-X-9mKO-Ma1qI-jdoUpdFdsk-z9oTp5NqUd4ZHHrWQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hpdGElm7PKcmBc1hjiRBeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 14 May 2024 20:40:30 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-hpdGElm7PKcmBc1hjiRBeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjEtDikmLw1JBicEqfwRoCxEI8HPtm9G9iEzgwp3EHo5JLUn5hfHJ-XklqXoluYkqxLohdlJlUWpJfhMJOLQOpyMlPT8_MS483MjAyMTA1NNYzMI8vMAAAlVciGQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://behindmlm.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame A60D 0
0 40ms
40ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A8) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 4386878
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12332
Content-Type: text/html; charset=utf-8
Date: Tue, 14 May 2024 20:40:30 GMT
Etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67A8)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
292 B 221ms
142ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fbehindmlm.com%2Fcompanies%2Fcfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1715719230285%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=e2bcdcb36e8549aa1afa5b8691cf804ff09ed32f

Requested by

Host: behindmlm.com
URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 102
date: Tue, 14 May 2024 20:40:30 GMT
strict-transport-security: max-age=631138519
last-modified: Tue, 14 May 2024 20:40:30 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 6d316b1b3caafcf9
cache-control: must-revalidate, max-age=600
perf: 7402827104
x-connection-hash: c5cbef5c605d25800d7fcbf54ad49df1561478277d6fd92fcc7c5e70f2a21249
content-length: 43

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v59/ 33 KB
33 KB 41ms
40ms Font
font/woff2 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v59/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f3.1e100.net

Software

sffe /

Resource Hash

e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://behindmlm.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 07:48:13 GMT
x-content-type-options: nosniff
age: 46337
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34184
x-xss-protection: 0
last-modified: Wed, 24 Apr 2024 23:36:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 07:48:13 GMT

GET
H2 200 like.php
www.facebook.com/v14.0/plugins/ Frame D868 0
0 144ms
56ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df896410a3ce788bfb%26domain%3Dbehindmlm.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fbehindmlm.com%252Ff67133e620673ef8f%26relation%3Dparent.parent&container_width=530&href=https%3A%2F%2Fbehindmlm.com%2Fcompanies%2Fcfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme%2F&layout=button_count&locale=en_GB&sdk=joey&share=false&size=small&width=

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js?hash=957d21fea4ee894d7c480a5b473abd63

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://behindmlm.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html;charset=utf-8
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
date: Tue, 14 May 2024 20:40:30 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1294, tbw=2781, tp=-1, tpl=-1, uplat=17, ullat=0
x-fb-debug: mcRNvN1ituG3tCnm18lS5vqMc4mBrlEEEjr2FVGxrNW72184ca69XtggWa+pWgCTty1AeuDq4xOLUn9vJoHGGw==
x-xss-protection: 0

GET
H3 200 favicon.ico
behindmlm.com/ 1 KB
1 KB 42ms
41ms Other
image/vnd.microsoft.icon 35.190.67.83
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://behindmlm.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.67.83 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

83.67.190.35.bc.googleusercontent.com

Software

Apache /

Resource Hash

2019a2a4f4393b5228a496e9c2c21d2e42da78efc2055fb10d177c6e8f7dd658

Security Headers

Name	Value
X-Frame-Options	sameorigin

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 18 Apr 2024 14:08:13 GMT
via: 1.1 google
content-encoding: br
last-modified: Tue, 27 Mar 2018 11:01:32 GMT
server: Apache
age: 2269937
etag: W/"57e-56862d035d615"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
cache-control: max-age=31536000,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1113

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 00:54:31	Name: _GRECAPTCHA Value: 09AGaHCq9xQPnkIahV9Gpmwb7pivraAcekilfySXcD1jIwxRep5kmKrr_eO6dMpuGzLYCxVQ9LBwllFcI7Ko8RPts
.behindmlm.com/	1970-01-21 06:11:19	Name: _ga_SBVC6ZKEK6 Value: GS1.1.1715719230.1.0.1715719230.60.0.0
.behindmlm.com/	1970-01-21 06:11:19	Name: _ga Value: GA1.1.113695699.1715719230

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://behindmlm.com/companies/cfo-allegedly-confirmed-family-first-life-is-a-ponzi-scheme/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

behindmlm.com
clients1.google.com
connect.facebook.net
cse.google.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
lh3.googleusercontent.com
news.google.com
pagead2.googlesyndication.com
pixel.wp.com
platform.twitter.com
region1.analytics.google.com
stats.g.doubleclick.net
stats.wp.com
syndication.twitter.com
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
104.244.42.8
142.250.185.130
142.250.185.174
142.250.186.35
142.250.186.68
172.217.23.99
192.0.76.3
2001:4860:4802:34::36
2600:1901:0:7cc::
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:800::2003
2a00:1450:4001:810::200e
2a00:1450:4001:811::200e
2a00:1450:4001:81d::2001
2a00:1450:4001:81d::2003
2a00:1450:4001:827::200e
2a00:1450:4001:828::200a
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9b
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
35.190.67.83
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937
1c8cc3cef0d65c2d9912b24f27bd2f42a79d10be8e00439562a3984f90f05bdd
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
2019a2a4f4393b5228a496e9c2c21d2e42da78efc2055fb10d177c6e8f7dd658
279591ceccca5a82dda9657834418a1fffd8ed85841517256fce3bdf68d10064
2935e77ba4a31d658633687964df779e6a6acd911252186240c22eafeba8bc36
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e952618c0e1177672e6a2175347f37a17a04edb365fb91e8f0115039dbcda51
2efe0d8072659b087901323e1fdb18a0f57e6011cb9cb7edff6e1723fc2e8d70
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
39879b684cc9659269084d368e6e20add5416e24ff4baa23e7aa21f11b6773bf
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
417d1ad83b5a0163f779b1548936b2981ae0bf8d368afe8cefa853dcb5f18732
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
435778bfee037a1ebe89d236fa204aa2ab579bf82f6d98a7e5bc923846b0b07d
46e36dd6ca93014e4915c723632bf180d27cc96ccfb7c26e69213e1a82129a62
4a624368de63b32a27d36d8032e5e1bfe03a5e738338493aa0dfc4938d9cd3c0
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5cbd29c1a71bf34e97dbc2e69050c0b91f87b42fa75aee9089f5254c5146e2fe
68cb73fb8450e9b6d99bfe07cd80d8526b28287a6e33c8b30684d5ec9c46fd24
6b7dfb79b63e4202eaad4d930a87c85325776c5b800a672363283ad3dc73af1c
6c28dcb52ba694c0b6bced69ed130c0d67a1a2238b41ac036f5264037eb99414
6c31a7b93ec9ad88acece2007602e363fce0b9165896e38b93a3075c12ece48f
6f70642d5bf7c8e444aed43f9929a3e1d8e835655383704d0e485fd7be4d5783
74adb12d367e2bbbc4049389a30e440789a838cfa68912e82dabe94cc7e6bf9d
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
8b283e0604bed5fd52532c293e5d792be8d35ee6c7d9d4a303759dcb41567d9e
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
a07e61905af7753f5b72c7faeb1a96b97b87a612d8bb22e6e964fc98e1cbdcca
a416e8905a3d5773c47fbb2166e048301ea8746d32c526e44611dcacd0899d97
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad72c063814c31626b8b9509a599850d3abf705366819bd37377e3311922af06
b407480b454b72307d5b238a9027fade0e04a72408cdb88e9dc6261a6c6ed26c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
badbad062f2e942c3eab0d49366f65e2ff7e705a80deeac6a2bcdbcb824d6bd8
bfc62cb93d376fcaa619279e23ed2889779aaaa7bdf1a25dd0c42f5ed2d657b0
c1190ef19dd0b0246e258e38984b6b6ef96334940dbdeb3723a4b30d4522a60d
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c21d34249d4a61b1d0df5209aeb7cceed64891dcb7233ce6e91771306489baf7
c24a6277ddeab9bc85dd52721b059ab78c12e4004a13bed7d0ddede66a693dc5
c297dd0ce4816acaf52c91d3406e0cc2dd81bf7cbc7d339f9810040e36bba61d
cbc7e6b7036a674ce0a9d58ff3d72880569810e2d50dad19d55dd5c4da321933
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
d59bfe78466d3fa4afdd786dfc4270dfed248a5ddc54d2e79b39b303de37903f
d702e5ed1e573918d912775ac1e88987fc177aa51efe1253a08f71ab54f96516
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
df0ec8330290d184b1084527076cb87d41b33ba706ff5ab579d761f0cb6a744b
e1d668ba05666faf07965c0387fe0f340ab10aa9f5eb498b1894866dd6ccee9d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
e9bd37a25b3890b681ca47c4111603709f0f6b6650a294f3c2ef593f9cbbd791
ed9087d76cdc6d1c53698f6068f79872e77e87c8d012c0cfdad13b05b6ccb37c
eef855207482fec547000c4232c2021643b8a984f7c228fee2506fd8b8551fe3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22070689b13f7dc5cbb936c58acf74778b6a5c3d88b5d57bc6f976b7b356396
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f438bd946bcf76ec40f285a8f83382d9f8b26d28099f35e3db66503b41ef2620
febe7eb6b4d3daabd19f253830acaddb7014b75029ad8744912d45bd1627a978

behindmlm.com Open in urlscan Pro 2600:1901:0:7cc:: Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

72 Requests

99 %HTTPS

64 %IPv6

13 Domains

21 Subdomains

23 IPs

3 Countries

1471 kBTransfer

4122 kBSize

3 Cookies

2 Outgoing links

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

behindmlm.com Open in urlscan Pro
2600:1901:0:7cc:: Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

99 %
HTTPS

64 %
IPv6

13
Domains

21
Subdomains

23
IPs

3
Countries

1471 kB
Transfer

4122 kB
Size

3
Cookies

72 HTTP transactions
0 data transactions