voticle.com Open in urlscan Pro
172.67.217.13 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Submission: On September 12 via manual (September 12th 2021, 10:45:45 pm UTC) from US — Scanned from DE

Summary HTTP 158 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 31 IPs in 6 countries across 29 domains to perform 158 HTTP transactions. The main IP is 172.67.217.13, located in United States and belongs to CLOUDFLARENET, US. The main domain is voticle.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2021. Valid for: a year.

This is the only time voticle.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	172.67.217.13 172.67.217.13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	104.21.54.83 104.21.54.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	173.194.76.95 173.194.76.95	15169 (GOOGLE) (GOOGLE)
8	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	142.251.5.155 142.251.5.155	15169 (GOOGLE) (GOOGLE)
1	151.101.114.0 151.101.114.0	54113 (FASTLY) (FASTLY)
1	103.253.144.208 103.253.144.208	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	94.31.29.99 94.31.29.99	6461 (ZAYO-6461) (ZAYO-6461)
1	172.67.150.92 172.67.150.92	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.28.37 13.32.28.37	16509 (AMAZON-02) (AMAZON-02)
4	74.125.133.95 74.125.133.95	15169 (GOOGLE) (GOOGLE)
2	74.125.133.97 74.125.133.97	15169 (GOOGLE) (GOOGLE)
2	74.125.206.94 74.125.206.94	15169 (GOOGLE) (GOOGLE)
17	74.125.133.155 74.125.133.155	15169 (GOOGLE) (GOOGLE)
1	74.125.71.156 74.125.71.156	15169 (GOOGLE) (GOOGLE)
6	74.125.140.157 74.125.140.157	15169 (GOOGLE) (GOOGLE)
4	74.125.206.155 74.125.206.155	15169 (GOOGLE) (GOOGLE)
1	34.95.89.54 34.95.89.54	15169 (GOOGLE) (GOOGLE)
12	104.26.10.209 104.26.10.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	74.125.133.132 74.125.133.132	15169 (GOOGLE) (GOOGLE)
1	91.228.74.226 91.228.74.226	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
6	173.194.76.156 173.194.76.156	15169 (GOOGLE) (GOOGLE)
2 2	104.76.200.221 104.76.200.221	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	104.36.113.23 104.36.113.23	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	172.67.68.78 172.67.68.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.74.129 172.67.74.129	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	92.123.148.9 92.123.148.9	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	74.125.140.149 74.125.140.149	15169 (GOOGLE) (GOOGLE)
1	148.251.139.77 148.251.139.77	24940 (HETZNER-AS) (HETZNER-AS)
2	104.76.200.23 104.76.200.23	16625 (AKAMAI-AS) (AKAMAI-AS)
4	185.60.218.24 185.60.218.24	32934 (FACEBOOK) (FACEBOOK)
4	185.60.218.35 185.60.218.35	32934 (FACEBOOK) (FACEBOOK)
3	74.125.206.99 74.125.206.99	15169 (GOOGLE) (GOOGLE)
158	31

3 172.67.217.13 (United States)

ASN13335 (CLOUDFLARENET, US)

voticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 104.21.54.83 (None, )

ASN13335 (CLOUDFLARENET, US)

fonolive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 173.194.76.95 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.251.5.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wg-in-f155.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.0 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.mynewsdesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.253.144.208 (Singapore)

ASN14061 (DIGITALOCEAN-ASN, US)

uconnect4.sgp1.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.99 (United Kingdom)

ASN6461 (ZAYO-6461, US)
PTR: 94.31.29.99.IPYX-077437-ZYO.above.net

43d897265kne3ed0qv2ecjw2-wpengine.netdna-ssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.150.92 (United States)

ASN13335 (CLOUDFLARENET, US)

www.peninsuladailynews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.28.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-28-37.fra56.r.cloudfront.net

z-na.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.125.133.95 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f95.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.133.97 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f97.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.206.94 (United States)

ASN15169 (GOOGLE, US)
PTR: wk-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 74.125.133.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f155.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.71.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wn-in-f156.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 74.125.140.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wq-in-f157.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.125.206.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wk-in-f155.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.89.54 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 54.89.95.34.bc.googleusercontent.com

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.26.10.209 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 74.125.133.132 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.226 (United Kingdom)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 173.194.76.156 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f156.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.76.200.221 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-221.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.36.113.23 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.68.78 (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.74.129 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.123.148.9 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-148-9.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.140.149 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: wq-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.251.139.77 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.77.139.251.148.clients.your-server.de

banner.congstar.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.76.200.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-23.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.60.218.24 (Bucharest, Romania)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-otp1.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.60.218.35 (Bucharest, Romania)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-otp1.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.206.99 (United States)

ASN15169 (GOOGLE, US)
PTR: wk-in-f99.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	fonolive.com fonolive.com	2 MB
27	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	532 KB
25	doubleclick.net 2 redirects googleads.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net	26 KB
14	ad4m.at as.ad4m.at ad4m.at assets.ad4m.at	257 KB
10	googleapis.com fonts.googleapis.com ajax.googleapis.com	127 KB
9	google.com adservice.google.com www.google.com	3 KB
8	bootstrapcdn.com maxcdn.bootstrapcdn.com	100 KB
4	facebook.com www.facebook.com	580 B
4	facebook.net connect.facebook.net	226 KB
4	googletagservices.com www.googletagservices.com	119 KB
3	awin1.com 1 redirects www.awin1.com	2 KB
3	voticle.com voticle.com	40 KB
2	media.net contextual.media.net	100 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	763 B
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	rlcdn.com 2 redirects id.rlcdn.com	887 B
2	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	4 KB
2	gstatic.com fonts.gstatic.com	40 KB
2	google-analytics.com ssl.google-analytics.com	17 KB
1	congstar.de banner.congstar.de	518 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	456 B
1	quantserve.com cms.quantserve.com	463 B
1	googleadservices.com partner.googleadservices.com	656 B
1	amazon-adsystem.com z-na.amazon-adsystem.com	8 KB
1	peninsuladailynews.com www.peninsuladailynews.com	48 KB
1	netdna-ssl.com 43d897265kne3ed0qv2ecjw2-wpengine.netdna-ssl.com	63 KB
1	digitaloceanspaces.com uconnect4.sgp1.digitaloceanspaces.com	23 KB
1	mynewsdesk.com resources.mynewsdesk.com	28 KB
158	29

	Domain	Requested by
33	fonolive.com	voticle.com
19	pagead2.googlesyndication.com	voticle.com pagead2.googlesyndication.com googleads.g.doubleclick.net fonolive.com tpc.googlesyndication.com
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com voticle.com
8	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
8	maxcdn.bootstrapcdn.com	voticle.com maxcdn.bootstrapcdn.com fonolive.com
6	assets.ad4m.at	as.ad4m.at
6	cm.g.doubleclick.net	googleads.g.doubleclick.net voticle.com
6	adservice.google.com	pagead2.googlesyndication.com
6	fonts.googleapis.com	voticle.com fonolive.com
4	www.facebook.com	fonolive.com
4	connect.facebook.net	fonolive.com connect.facebook.net
4	ad4m.at	as.ad4m.at ad4m.at
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	ajax.googleapis.com	voticle.com fonolive.com
3	www.google.com	tpc.googlesyndication.com
3	www.awin1.com	1 redirects as.ad4m.at
3	voticle.com	voticle.com
2	contextual.media.net	fonolive.com
2	ad.doubleclick.net	2 redirects
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	e.dlx.addthis.com	2 redirects
2	id.rlcdn.com	2 redirects
2	fonts.gstatic.com	fonts.googleapis.com
2	ssl.google-analytics.com	voticle.com
1	banner.congstar.de	as.ad4m.at
1	static-de.ad4mat.net	as.ad4m.at
1	pixel.rubiconproject.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	prod-rtb.ad4mat.net	voticle.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	z-na.amazon-adsystem.com	voticle.com
1	www.peninsuladailynews.com	voticle.com
1	43d897265kne3ed0qv2ecjw2-wpengine.netdna-ssl.com	voticle.com
1	uconnect4.sgp1.digitaloceanspaces.com	voticle.com
1	resources.mynewsdesk.com	voticle.com
158	37

This site contains links to these domains. Also see Links.

Domain
fonolive.com
www.facebook.com
twitter.com
reddit.com
www.linkedin.com
www.tumblr.com
mission6nutrition.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
assets.1215diamonds.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-26` - `2022-05-28`	a year	crt.sh
*.sgp1.digitaloceanspaces.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-06` - `2021-12-07`	a year	crt.sh
*.netdna-ssl.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-22` - `2022-03-18`	a year	crt.sh
z-na.amazon-adsystem.com Amazon	`2020-12-12` - `2022-01-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2021-08-24` - `2021-11-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.congstar.de TeleSec ServerPass Class 2 CA	`2021-05-18` - `2022-05-23`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh

This page contains 30 frames:

Primary Page: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Frame ID: 0719AFCACAD3D5020C48F67BAA0D9AF7
Requests: 70 HTTP requests in this frame

Frame: https://fonolive.com/promoted-ads
Frame ID: 8DC2413802CAC7BC063E4CEAF1D2789F
Requests: 18 HTTP requests in this frame

Frame: https://fonolive.com/promoted-ads
Frame ID: 058F2F20EB810A86C65647F89FDB3E6E
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210908/r20190131/zrt_lookup.html
Frame ID: 45ABB66A5F8F4276B56AEF0D61C53288
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=8250817351&adk=2440252158&adf=1492073588&pi=t.ma~as.8250817351&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739311&bpp=6&bdt=247&idt=106&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&correlator=227100715265&frm=20&pv=2&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=1&uci=a!1&fsb=1&xpc=QvZhQX4mmY&p=https%3A//voticle.com&dtd=120
Frame ID: 09B62A6D085FAB275852CB1065204C71
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=9376916555&adk=3757388224&adf=3248948864&pi=t.ma~as.9376916555&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739317&bpp=1&bdt=253&idt=124&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=8YhOoizg6T&p=https%3A//voticle.com&dtd=128
Frame ID: AFCC0D72CD9FD80287751A8D09808A6E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=8250817351&adk=2440252158&adf=1531977944&pi=t.ma~as.8250817351&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739318&bpp=1&bdt=255&idt=131&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=1801&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nw9mkLgKZ5&p=https%3A//voticle.com&dtd=133
Frame ID: BFD4B48FC8F38EAAB5A05107157BCB2F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=3333677467&adf=1475420161&pi=t.ma~as.8250817351&w=443&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=443x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739319&bpp=1&bdt=255&idt=134&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=733&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=4&uci=a!4&fsb=1&xpc=RmJ8tGbbmQ&p=https%3A//voticle.com&dtd=136
Frame ID: 39FE739BFABAC9FB84FBC8D30B663B12
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=3531856095&pi=t.ma~as.8250817351&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739320&bpp=1&bdt=257&idt=137&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2656&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iParEqXXIL&p=https%3A//voticle.com&dtd=140
Frame ID: BE630A0C59D390527B28B0B29E2BC414
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=9376916555&adk=3224866322&adf=2455508272&pi=t.ma~as.9376916555&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739321&bpp=1&bdt=258&idt=142&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=pADLIUZcWM&p=https%3A//voticle.com&dtd=145
Frame ID: C4F8098B925B0DB0B17F6B9772ED4E85
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=2688178878&adf=14637539&pi=t.ma~as.8250817351&w=360&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=360x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739322&bpp=1&bdt=258&idt=146&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1010&ady=3590&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=fVsxjAfDgq&p=https%3A//voticle.com&dtd=148
Frame ID: 0C3F4657A3448A6399941957038BE3B1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3025194257&lmt=1631486739&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739591&bpp=1&bdt=527&idt=1&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280&nras=1&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&ifi=9&uci=a!9&fsb=1&dtd=6
Frame ID: A8EF7C3DBD7A6A3A82C998B7A9A2ED64
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=4127274632&pi=t.ma~as.8250817351&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739322&bpp=1&bdt=259&idt=150&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0&nras=1&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=4593&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=9IwM8Snnpd&p=https%3A//voticle.com&dtd=392
Frame ID: D6424B1BD42694DFE8F0AF73D9BA69F3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&adk=617080280&adf=3730911173&pi=t.aa~a.3611581317~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=-M&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280&nras=2&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2676&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=10&uci=a!a&btvi=7&fsb=1&xpc=rFtoqOidXq&p=https%3A//voticle.com&dtd=11
Frame ID: FBDB9AAEB56C525926161D8DFA18D6E1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=90&adk=2743202993&adf=3116027668&pi=t.aa~a.1977422338~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1200x90&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=0&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280%2C1140x280&nras=3&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=200&ady=3835&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=11&uci=a!b&btvi=8&fsb=1&xpc=A9xFWCJ06F&p=https%3A//voticle.com&dtd=14
Frame ID: F9A3974D431DD05B2A50999B9166F56C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Ch4EFE4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE8QFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRejaauSA34o15zrqphYp8or9vQgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01MTIxNTM4NDU5OTY4NTg4GAA&sigh=k4FrayO6Lrw
Frame ID: C21B551057209130F83B56EE4E0CCED8
Requests: 6 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D
Frame ID: E57AAB0F050631DC4556DD7CAC23DDCC
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5720CDC9C6B2F56F3B3F78E6572D3B1A
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 0A92A85FDB4FC5212FE8D5D7698B60D0
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Frame ID: B0E11DB1785F1AC7595B34CC7FB70F3F
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755397&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740526&bpp=1&bdt=107&idt=63&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=5678188639733&frm=24&ife=1&pv=2&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.d66kvp2ylk4z&fsb=1&dtd=71
Frame ID: 95107C4BD06FEAF7038C09F17D05B402
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856640&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740527&bpp=1&bdt=108&idt=79&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5678188639733&frm=24&ife=1&pv=1&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.fvby0qdigz7g&fsb=1&dtd=82
Frame ID: FDF2FB0A26AA8908A1A013A4CA9620EC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 803931CA604F86AC2BECED49ECA7A10F
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 82E36EA759C0ADD7B4C4AE77FD6CD1E6
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755396&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741221&bpp=3&bdt=104&idt=60&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=4532699481826&frm=24&ife=1&pv=2&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7ikxptnnyh04&fsb=1&dtd=68
Frame ID: 8C6A486CF0D1F2097F2AE45E06729DB8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856643&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741224&bpp=1&bdt=107&idt=73&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4532699481826&frm=24&ife=1&pv=1&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.q8nfahibwxti&fsb=1&dtd=75
Frame ID: 75309986419C11554511EF8034AB6BEE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 02E805B8F137B3AED8644FF401935C92
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 436C79CDB32A25C84876F48250F53D3B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: A72620E85E46CDC9899D2D557CAD0238
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E1F67F1FA5105A6F9D1ECB3B00B53309
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Keto 3DS Reviews: SCAM ALERT! A Legitimate Weight Loss PDFs

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

158
Requests

99 %
HTTPS

0 %
IPv6

29
Domains

37
Subdomains

31
IPs

6
Countries

3702 kB
Transfer

6498 kB
Size

34
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://fonolive.com/online-users
Title: Meet new

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Title: //<![CDATA[ (function(){for(var g="function"==typeof Object.defineProperties?Object.defineProperty:function(b,c,a){if(a.get||a.set)throw new TypeError("ES3 does not support getters and setters.");b!=Array.prototype&&b!=Object.prototype&&(b[c]=a.value)},h="undefined"!=typeof window&&window===this?this:"undefined"!=typeof global&&null!=global?global:this,k=["String","prototype","repeat"],l=0;l<k.length-1;l++){var m=k[l];m in h||(h[m]={});h=h[m]}var n=k[k.length-1],p=h[n],q=p?p:function(b){var c;if(null==this)throw new TypeError("The 'this' value for String.prototype.repeat must not be null or undefined");c=this+"";if(0>b||1342177279<b)throw new RangeError("Invalid count value");b|=0;for(var a="";b;)if(b&1&&(a+=c),b>>>=1)c+=c;return a};q!=p&&null!=q&&g(h,n,{configurable:!0,writable:!0,value:q});var t=this;function u(b,c){var a=b.split("."),d=t;a[0]in d||!d.execScript||d.execScript("var "+a[0]);for(var e;a.length&&(e=a.shift());)a.length||void 0===c?d[e]?d=d[e]:d=d[e]={}:d[e]=c};function v(b){var c=b.length;if(0<c){for(var a=Array(c),d=0;d<c;d++)a[d]=b[d];return a}return[]};function w(b){var c=window;if(c.addEventListener)c.addEventListener("load",b,!1);else if(c.attachEvent)c.attachEvent("onload",b);else{var a=c.onload;c.onload=function(){b.call(this);a&&a.call(this)}}};var x;function y(b,c,a,d,e){this.h=b;this.j=c;this.l=a;this.f=e;this.g={height:window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight,width:window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth};this.i=d;this.b={};this.a=[];this.c={}}function z(b,c){var a,d,e=c.getAttribute("data-pagespeed-url-hash");if(a=e&&!(e in b.c))if(0>=c.offsetWidth&&0>=c.offsetHeight)a=!1;else{d=c.getBoundingClientRect();var f=document.body;a=d.top+("pageYOffset"in window?window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);d=d.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+d;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.g.height&&d<=b.g.width)}a&&(b.a.push(e),b.c[e]=!0)}y.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&z(this,b)};u("pagespeed.CriticalImages.checkImageForCriticality",function(b){x.checkImageForCriticality(b)});u("pagespeed.CriticalImages.checkCriticalImages",function(){A(x)});function A(b){b.b={};for(var c=["IMG","INPUT"],a=[],d=0;d<c.length;++d)a=a.concat(v(document.getElementsByTagName(c[d])));if(a.length&&a[0].getBoundingClientRect){for(d=0;c=a[d];++d)z(b,c);a="oh="+b.l;b.f&&(a+="&n="+b.f);if(c=!!b.a.length)for(a+="&ci="+encodeURIComponent(b.a[0]),d=1;d<b.a.length;++d){var e=","+encodeURIComponent(b.a[d]);131072>=a.length+e.length&&(a+=e)}b.i&&(e="&rd="+encodeURIComponent(JSON.stringify(B())),131072>=a.length+e.length&&(a+=e),c=!0);C=a;if(c){d=b.h;b=b.j;var f;if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(r){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(D){}}f&&(f.open("POST",d+(-1==d.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}}function B(){var b={},c;c=document.getElementsByTagName("IMG");if(!c.length)return{};var a=c[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var d=0;a=c[d];++d){var e=a.getAttribute("data-pagespeed-url-hash");e&&(!(e in b)&&0<a.width&&0<a.height&&0<a.naturalWidth&&0<a.naturalHeight||e in b&&a.width>=b[e].o&&a.height>=b[e].m)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b}var C="";u("pagespeed.CriticalImages.getBeaconData",function(){return C});u("pagespeed.CriticalImages.Run",function(b,c,a,d,e,f){var r=new y(b,c,a,e,f);x=r;d&&w(function(){window.setTimeout(function(){A(r)},0)})});})();pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs','nXzXivl0t7',true,false,'SkwUk7HqiiQ'); //]]>

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&text=The+Keto+3DS+Reviews%3A+SCAM+ALERT%21+A+Legitimate+Weight+Loss+PDFs%0A;hashtags=voticle

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&title=The+Keto+3DS+Reviews%3A+SCAM+ALERT%21+A+Legitimate+Weight+Loss+PDFs%0A

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&title=The+Keto+3DS+Reviews%3A+SCAM+ALERT%21+A+Legitimate+Weight+Loss+PDFs%0A

Search URL Search Domain Scan URL

URL: https://fonolive.com/
Title: Fonolive.com, Fastest Growing Social Classifieds Marketplace

Search URL Search Domain Scan URL

URL: https://mission6nutrition.com/shark-tank-keto-pills-reviews-updated-for-2021/
Title: Mission6Nutrition

Search URL Search Domain Scan URL

URL: https://fonolive.com/adults-escorts-erotics
Title: Backpage Escorts

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIDeqodW7mpOdOHvBpb-lHgF6UmWdkLDOBM5UQ099kLx4uagLMeooVegdZxorP35msxFpm3IPuGo0aLn4bwKnEsRabacEkO&google_gid=CAESED04Udcn48m803sU0X19rRI&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJSG-okGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBJRGVxb2RXN21wT2RPSHZCcGItbEhnRjZVbVdka0xET0JNNVVRMDk5a0x4NHVhZ0xNZW9vVmVnZFp4b3JQMzVtc3hGcG0zSVB1R28wYUxuNGJ3S25Fc1JhYmFjRWtP HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYlMwdGw2NWt2aTRPZnZXakl6aHhNM3FrVjRhajVmeGxnNXhNVTNIYVd0bw==&google_push

Request Chain 88

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIxiDeCtMoBnPxbnua8W_D0lum9C0sMcL3zBkxbnmAqz0gQeoZwa1c-vborwh0hs6s0k6alsOTjni9aQvO57I2qVetD2zoz&google_gid=CAESEDjGay16aIHA_pW9EHrNpBM&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIxiDeCtMoBnPxbnua8W_D0lum9C0sMcL3zBkxbnmAqz0gQeoZwa1c-vborwh0hs6s0k6alsOTjni9aQvO57I2qVetD2zoz&google_gid=CAESEDjGay16aIHA_pW9EHrNpBM&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MTIyMjQ1NDAwMDAxMzk2NzYxOTk5MQ%3D%3D&google_push=AYg5qPIxiDeCtMoBnPxbnua8W_D0lum9C0sMcL3zBkxbnmAqz0gQeoZwa1c-vborwh0hs6s0k6alsOTjni9aQvO57I2qVetD2zoz

Request Chain 89

https://rtb.openx.net/sync/dds?google_gid=CAESEIoONVM_5Ebe0KbNWl8TV1M&google_cver=1&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEIoONVM_5Ebe0KbNWl8TV1M&google_cver=1&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY&google_hm=TxVUJQRDzmEOgDMGP-nS7w==

Request Chain 90

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOaMs2PBUh7qv09-9FlbhpU&google_cver=1&google_push=AYg5qPKUt2kh9QYoNynCj5lRCMAdRTMAHlDOCla1_8vZWqgwjl5dMOGyM0F9_RBiEZWx00E0w5jnzMeqQrWhzkJZO85_EN-U0p4 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOaMs2PBUh7qv09-9FlbhpU&google_cver=1&google_push=AYg5qPKUt2kh9QYoNynCj5lRCMAdRTMAHlDOCla1_8vZWqgwjl5dMOGyM0F9_RBiEZWx00E0w5jnzMeqQrWhzkJZO85_EN-U0p4&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m6vmh8CAQKirdXJ-wne7iw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKUt2kh9QYoNynCj5lRCMAdRTMAHlDOCla1_8vZWqgwjl5dMOGyM0F9_RBiEZWx00E0w5jnzMeqQrWhzkJZO85_EN-U0p4

Request Chain 91

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEA5lSevmniILuEdA0K_vni0&google_cver=1&google_push=AYg5qPLn0aX2vcgVrKtGlub-MbOkcn0P0R_wPcLIbt837sZyp8Qo2buf4vrNnBNZDC63N3Po2WzQ9iNkl0xis4ysDAp4uL_5cjo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RIVDJYRUktVi1FQlNF&google_push=AYg5qPLn0aX2vcgVrKtGlub-MbOkcn0P0R_wPcLIbt837sZyp8Qo2buf4vrNnBNZDC63N3Po2WzQ9iNkl0xis4ysDAp4uL_5cjo

Request Chain 92

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1

Request Chain 111

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidVBktPQgDX8EL3OQ2y62KsseA5_4EHJmSasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CKPT-9zB-vICFYgi0wodymEIHA;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidVBktPQgDX8EL3OQ2y62KsseA5_4EHJmSasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidVBktPQgDX8EL3OQ2y62KsseA5_4EHJmSasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1631486740_27c531b1-141b-11ec-8a78-692d0556460e

158 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs Show response
voticle.com/a/articles/166339/ 141 KB
38 KB 1932ms
1881ms Document
text/html 172.67.217.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.217.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d2025a97b776e811b59125a1382e37ce6fde5184ef785acbeafb04bdb70e2bc

Request headers

:method: GET
:authority: voticle.com
:scheme: https
:path: /a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=6f337mnlmdl8tfq05ud97m9bu5; path=/
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-mod-pagespeed: 1.13.35.2-0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GV07j0o%2BU%2Bu54yjLV8nqBoDmxPNMPRPnvXV4rYf6OHpuyL7tOunDO9yuum07mW6AfLJwpum5ckQHUoEdMAcJD164uh%2FuwS%2BsxCZ4Pm6YOZeUxGBAlkJP7OUeCCzlnw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68dcaacb6ec64119-PRG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 responsive.css
fonolive.com/css/ 803 B
982 B 77ms
29ms Stylesheet
text/css 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fonolive.com/css/responsive.css

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df322e5f44fa38089812b1fdacb72cf620030743cc997a37b43842b66f769646

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-original-content-length: 810
cf-polished: origSize=807
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-8Yp1rC9TTW"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1B185QSgYpQvaHRWWt8gZsBx9Mgs7hSQ5qW5c4nR2P7dvqVh0i8N%2Fa7CF%2BiI2Mp8phjki%2F6jOd68%2Bw8%2Br3eYt1pqnwiSP0P3tsrqiQvZaDNLwFs4eFN%2BzBqGe60M6k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 68dcaad78d6e5c85-FRA
expires: Sun, 12 Sep 2021 22:15:22 GMT

GET
H2 200 css
fonts.googleapis.com/ 376 B
785 B 51ms
18ms Stylesheet
text/css 173.194.76.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Engagement

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f95.1e100.net

Software

ESF /

Resource Hash

a58ca0e14e9b06ff94afa9d0d13ea965f64ad7c2c716b0ecc502da670d406cee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 22:45:39 GMT
server: ESF
date: Sun, 12 Sep 2021 22:45:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 22:45:39 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
619 B 51ms
18ms Stylesheet
text/css 173.194.76.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f95.1e100.net

Software

ESF /

Resource Hash

3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 21:55:13 GMT
server: ESF
date: Sun, 12 Sep 2021 22:45:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 22:45:39 GMT

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 58ms
22ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 12330792
cdn-cachedat: 2021-04-23 06:29:02
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 0c1438d850d826813ba255e2978df727
cf-ray: 68dcaad78aae2774-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H2 200 bootstrap-theme.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 23 KB
3 KB 57ms
21ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617
age: 12330770
cdn-cachedat: 2021-04-23 06:57:14
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: d48273a4dc293fd41c89c1723d9350d4
cf-ray: 68dcaad78aaf2774-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H2 200 email-decode.min.js Show response
voticle.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 14ms
14ms Script
application/javascript 172.67.217.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://voticle.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.217.13 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: PHPSESSID=6f337mnlmdl8tfq05ud97m9bu5
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: voticle.com
referer: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 12:26:08 GMT
server: cloudflare
etag: W/"61375a60-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5MIOsZMzptODly3GIJKcPSCQ4hlfyi92XTqWdYWb9t6ujzrbpOYI%2Fz3ulGT1oCT1TgdnzAJMUKfa0V8ZdARomlGb5t%2FugW2mnuD8X3klffZ29TZqbCQJKw%2FuzYDXtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68dcaad75f464119-PRG
vary: Accept-Encoding
expires: Tue, 14 Sep 2021 22:45:39 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 86ms
26ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

584da571f67b1e738befcc9acc3412dcb324f43ac172257ee967b6ba8e11621e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49434
x-xss-protection: 0
server: cafe
etag: 7772695300083110601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 12 Sep 2021 22:45:39 GMT

GET
H2 200 wb9am2cir8wlxwfb5ezr.jpg
resources.mynewsdesk.com/image/upload/c_fill,h_628,q_auto:good,w_1200/ 28 KB
28 KB 254ms
192ms Image
image/jpeg 151.101.114.0
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resources.mynewsdesk.com/image/upload/c_fill,h_628,q_auto:good,w_1200/wb9am2cir8wlxwfb5ezr.jpg

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.114.0 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cloudinary /

Resource Hash

796a4c419326a41d2331990556008356dcdd69fa05ee498f9104c392abb2fe19

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 11 Jul 2021 12:20:01 GMT
server: Cloudinary
etag: "07254fd6573df5b16cdd2a62efb20270"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=31557600
server-timing: fastly;dur=187;cpu=0;start=2021-09-12T22:45:39.225Z;desc=miss,rtt;dur=5,cloudinary;dur=93;start=2021-09-12T22:45:39.270Z
accept-ranges: bytes
timing-allow-origin: *
content-length: 28434

GET
H/1.1 200
OK 8RYhAyJylwcr3jDA7s4l_07_90a477eaf6f5770133a1e8530dfca554_image.jpg
uconnect4.sgp1.digitaloceanspaces.com/upload/photos/2021/02/ 23 KB
23 KB 591ms
231ms Image
image/jpeg 103.253.144.208
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uconnect4.sgp1.digitaloceanspaces.com/upload/photos/2021/02/8RYhAyJylwcr3jDA7s4l_07_90a477eaf6f5770133a1e8530dfca554_image.jpg

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

103.253.144.208 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

63399b591ece157f9c193e232dce518d05fec0349d66d23d572106d7bd3e4528

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
last-modified: Sun, 07 Feb 2021 18:26:16 GMT
x-amz-request-id: tx00000000000001470da6e-00613e8313-1343172f-sgp1a
etag: "725f86c19eb1d366b2274fed29a5dc78"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: image/jpeg
cache-control: max-age=3153600
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
accept-ranges: bytes
content-length: 23554

GET
H2 200 26209505_web1_M1-ADW-20210819-Keto-Speed-1280.jpeg
43d897265kne3ed0qv2ecjw2-wpengine.netdna-ssl.com/wp-content/uploads/2021/08/ 62 KB
63 KB 634ms
567ms Image
image/jpeg 94.31.29.99
ZAYO-6461

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://43d897265kne3ed0qv2ecjw2-wpengine.netdna-ssl.com/wp-content/uploads/2021/08/26209505_web1_M1-ADW-20210819-Keto-Speed-1280.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.99 , United Kingdom, ASN6461 (ZAYO-6461, US),
Reverse DNS: 94.31.29.99.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 763264446626a22939fed5a4ea904d8bcd5d6a7bb800682561f534c14a851796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 12 Sep 2021 22:45:39 GMT
last-modified: Tue, 31 Aug 2021 07:12:01 GMT
server: NetDNA-cache/2.2
etag: "be7e6f4200e0c5f9f5f496436cb1eeb8"
x-cache: MISS
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 63889
expires: Tue, 12 Oct 2021 22:45:39 GMT

GET
H2 200 26224046_web1_M1-PDN-20210820-Keto-Speed-1280.jpeg
www.peninsuladailynews.com/wp-content/uploads/2021/08/ 47 KB
48 KB 749ms
688ms Image
image/jpeg 172.67.150.92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.peninsuladailynews.com/wp-content/uploads/2021/08/26224046_web1_M1-PDN-20210820-Keto-Speed-1280.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.150.92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39b6ca68ad8077c4696cce5004f8d05bf25b1253e27cfcd19b5dd251685ccbc3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 48396
last-modified: Wed, 01 Sep 2021 07:12:01 GMT
server: cloudflare
etag: "82bedb52d15b9e1a5d27da5305b892bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zS7TxxMww8Mh6ETOfQbLaPQGkRdOxYXlR4hkcNR2xlUQq%2B9uBhW27Rf1Aau3IqfpzCdJ761ThwzsiLCw6Z%2Bau52NDcrZNCsyYZVrAhiAcPzGB6yCuxxZqoTIT8uTTSZD%2BBFig%2B%2BtIbZjgGOJwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 68dcaad82c962780-PRG
expires: Tue, 12 Oct 2021 22:45:39 GMT

GET
H3 200 12224.jpeg
fonolive.com/profiles/b5bd750eddce6746f0b788df99440916/411772/ 6 KB
7 KB 1815ms
1799ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/b5bd750eddce6746f0b788df99440916/411772/12224.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55d33c1c6bd93be2a74a261f0eee8892b150b8623be6d7459861bccb6dae1a79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:51:47 GMT
server: cloudflare
etag: "1891-59d3102afe6b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hsCErdGmi1b8i%2BLNdjCykyLhvVlh66BMtKNP%2FTOF34kUU85fVO6aNBaTwU%2B0Kltxe%2Bh%2BDnj58hlk7V0rSBXSyIjpUSlCr%2B8CP76I72qnROp1FiDPFeRyuOPd5JqdIEM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deb84309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6289

GET
H3 200 10245.png
fonolive.com/profiles/3c4f8d4782767899471702c16db54d42/162572/ 4 KB
5 KB 982ms
966ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/3c4f8d4782767899471702c16db54d42/162572/10245.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ceeddc10e4d2309950ba5f278c7dd166720c449641feacd4d07f0aaa94ac06a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:45:03 GMT
server: cloudflare
etag: "11f1-59d30ea9c843b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BNc1HB8y9Fn0n9bsZ9M37ApcEd6eqRQ%2BjBATgzAnAZaYuMH%2FjMG7ZgAcVRJbTEbKN3%2Bpvu9jgrQ1OXR9NHBr0f6lP5NaN4e9L2uiemaKgzIMT5Kt9p7M5o6%2FC8l9dSA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deba4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4593

GET
H3 200 9122.png
fonolive.com/profiles/a026e1c2dbb27ddc87239169ebde5a6b/339367/ 15 KB
16 KB 35ms
20ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonolive.com/profiles/a026e1c2dbb27ddc87239169ebde5a6b/339367/9122.png

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db4654dfc0f937e0fc39dbeec03da4dcb2d2a9463689fad97b27088a8f3640fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15283
last-modified: Tue, 28 Jan 2020 10:42:33 GMT
server: cloudflare
etag: "3bb3-59d30e1a208dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6Xnvr47WenUG%2FI6h5WR7ET0LeSOll6%2BSPAWf3h9LM5r%2BFUleFeliyt7KjS8W%2BepGKpJ5%2BDca%2Fi4fAIJtjLKLzYlapZM0FGNgVbQ77WePs5iYrpBeJ01dfCrJSwNLdI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
accept-ranges: bytes
cf-ray: 68dcaad7debb4309-FRA
expires: Sun, 12 Sep 2021 22:46:39 GMT

GET
H3 200 12945.jpg
fonolive.com/profiles/5204e4fa5441d2c1088bc0dcd7650625/430516/ 60 KB
61 KB 1913ms
1898ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/5204e4fa5441d2c1088bc0dcd7650625/430516/12945.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f2e1236b129118fc526e703f45c13e0248c3bb89108600c17f5fc37d227cef1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
cf-cache-status: MISS
last-modified: Tue, 17 Dec 2019 10:08:51 GMT
server: cloudflare
etag: "f107-599e383ce7c38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxcHG5DS%2F8CaF4ZshdFgj1opSL0InJfzLJyCxAyH4p3AsHZjEYqyPB5iSAU13tM5lcvz3u7lKVxfCvcca2yb8tx2AYXdlgo4C%2BKy%2BYa3IoRwS63OiG3lJwgWGVYR4ok%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7debf4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 61703

GET
H3 200 1096.png
fonolive.com/profiles/e839e3d78dadfb357c290e9746f517f3/5853/ 15 KB
16 KB 1280ms
1265ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonolive.com/profiles/e839e3d78dadfb357c290e9746f517f3/5853/1096.png

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26667af7f6de05f7b17d3c9ea9feed27d1d6db9ecd60c30a1baccc5483cb7225

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15735
last-modified: Tue, 28 Jan 2020 10:05:28 GMT
server: cloudflare
etag: "3d77-59d305d068883"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OnZDbnCcdAUMbsb0OZADDE3uCM%2FZiEjEpHZvjqpRfd51o9uPgUYrrTXTQSVyGD0qlIljwha0K6AzFcx3tv8QuGf0KfNfRJ1OzHPjQS2JNI25r2E0%2Fa7B9%2FhJgYkxY8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
accept-ranges: bytes
cf-ray: 68dcaad7dec04309-FRA
expires: Sun, 12 Sep 2021 14:23:09 GMT

GET
H3 200 13736.jpg
fonolive.com/profiles/93e01517694c390558a62abd508ba57f/28974/ 786 KB
787 KB 1865ms
1850ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/93e01517694c390558a62abd508ba57f/28974/13736.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9a407bdd3ca13dc7a11e3361574dac977484d39154b532986ec4f18ea1ad89d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 11 Feb 2020 07:34:48 GMT
server: cloudflare
etag: "c4985-59e47e400134d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u8NHNQ6Gwd6A%2BpGNvz8wCB7XgHFlGL%2BBaiB0hm6WdbmT88rRo1L5Up9SEUTS5I0O9BHSCHM9DXKX6q3oMqPF9GWecl7TX%2Fisw5C4zt4NoiO2lboxoXu1Ib9w%2F3UqcnQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dec24309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 805253

GET
H3 200 11953.jpeg
fonolive.com/profiles/da76dee5678ce653a91c2d0950d85dd6/405710/ 16 KB
16 KB 956ms
941ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonolive.com/profiles/da76dee5678ce653a91c2d0950d85dd6/405710/11953.jpeg

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15139ed4563c1343cc19a33cfd40611a208dc4547dfbafd661f72c302f3c65d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15996
last-modified: Tue, 28 Jan 2020 10:49:39 GMT
server: cloudflare
etag: "3e7c-59d30fb0849fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpXAaLNHxE5JHTH3E74MnwWshKUpq9a4zJT6uGOSPfh9z27mZ2w7W8SbTXQklAgdFoIHQ5v3llXQwRwNxB1vXBJL6w85ai9ob783CckH4cLYNPa88Ifb1tt92jTifvI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
accept-ranges: bytes
cf-ray: 68dcaad7dec44309-FRA
expires: Sun, 12 Sep 2021 22:49:29 GMT

GET
H3 200 16428.jpg
fonolive.com/profiles/7db809d185d444c466225e418172eb2d/547322/ 5 KB
6 KB 61ms
46ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/7db809d185d444c466225e418172eb2d/547322/16428.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66b1de76aa6248ef3debd63cf186297205de09e3485af1721efc8793e667248a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 14 Aug 2020 10:31:18 GMT
server: cloudflare
etag: "14f7-5acd3ebd69a57"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wtMTs0kNIyeOfF0DruuFHV5QeNNxZEsaH5O%2FkH2PuIyG%2Fp9tyTPYSaM%2FXJUeVu8r1kHtpYKP%2FJYMrTitQlFLjS2OcdGbTBH3Jp4b53TMa8WRVZhJkUFNr%2BoZqJgAms%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dec54309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5367

GET
H3 200 5705.png
fonolive.com/profiles/3fa145a0b46b6fb85228ffb3f2b5b9eb/243559/ 4 KB
5 KB 1214ms
1199ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonolive.com/profiles/3fa145a0b46b6fb85228ffb3f2b5b9eb/243559/5705.png

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c68a67e72e6a77d1b78c8d95853e2ba8a9802a690a7e52a76a62e58cf7ee272

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4496
last-modified: Tue, 28 Jan 2020 10:30:58 GMT
server: cloudflare
etag: "1190-59d30b8417adb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQSPn9uNyG0kbM%2B%2BxJO8KfHX%2BGql9pMyd1r6lrs5f13cOGUD%2FzrZXxCHdlCO4j2FOPdvqgSwQLZluvvKAwLAqJeFsY%2FKCKs7zYUqaKZ%2BHX1c%2FEOtGD1U5i2so4LpUgI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
accept-ranges: bytes
cf-ray: 68dcaad7dec64309-FRA
expires: Sun, 12 Sep 2021 22:47:04 GMT

GET
H3 200 2912.jpeg
fonolive.com/profiles/bb53f585132af7c3309c9746ce3aec4d/56740/ 6 KB
7 KB 1904ms
1890ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/bb53f585132af7c3309c9746ce3aec4d/56740/2912.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba5ba3bb9abfdbf7a2ebb3677f98118adf63aecc380026c6b733c65a66db1044

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:11:36 GMT
server: cloudflare
etag: "18bc-59d3072f45b69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFg1rC9xzrDwmI%2FVXYjx2BPsznqlzEAt%2FmnBlOdfbCMuEB%2BFV3y73v2wHQailRBib1GRlnGFy1QRt9l9%2FFlEpr1HzNjw8c0WSFZX5RUZVoO2odQLhjhfWdoCofkIwUU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dec74309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6332

GET
H3 200 22164.png
fonolive.com/profiles/78f4bd112735c5602ffc2c16c8a4597d/2972915/ 40 KB
40 KB 1401ms
1387ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/78f4bd112735c5602ffc2c16c8a4597d/2972915/22164.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f25b55b844516e5fea639bdf67c01bd5c2c5fd6508e7742383c1fce599fa80cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Mon, 06 Sep 2021 09:38:58 GMT
server: cloudflare
etag: "9f14-5cb506b223f2a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bb8M7yaqzstT5vv3qgQRoqhyqHInEbiNDepoKn3zdLK1RZp8F1rsWANOCFSP%2B4lfyJBX1LoHF2IY5Melb5rovUY5TMynygrBmsa9jdzqi1ibfXz9geVHbx5KYsxVgTA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dec94309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 40724

GET
H3 200 1688.jpeg
fonolive.com/profiles/2c9bf4591a83ff502625d7328c2bb7e5/24214/ 6 KB
7 KB 985ms
970ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/2c9bf4591a83ff502625d7328c2bb7e5/24214/1688.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50c03fe1fe17e13616a80a3c154a6be47b363c6095ffa93cfee89d0befe11f4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:06:53 GMT
server: cloudflare
etag: "1949-59d3062196f60"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3m0jmg4O%2FmzAv3o3uFAFcATGetZ8y67Wm5OtrjqPuiBUB7BQAYPQSQfdtGjB5ubHpjglEY7SdtuUoGTJ1dCKo7QWBPtcm8RYm5wQQVG75Vg9VRwzH8B94CxNI5G3hA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7decb4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6473

GET
H3 200 3065.png
fonolive.com/profiles/2b767d5dfb0ca7b33bfb04044ee16a2b/72230/ 321 KB
321 KB 1407ms
1393ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/2b767d5dfb0ca7b33bfb04044ee16a2b/72230/3065.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d303e133769b76ee451188b71741a88ab4ad249592732e9eaffec92bf02bc82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:12:17 GMT
server: cloudflare
etag: "50344-59d30756f3098"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMFBokgG2xbfRr9erXJkSEFQD%2BlIQuAuXqhfyNzMp7qvjTpuSn2lWVnSfS4jJYlMFjFFhdoxJbnR%2Bsp%2BkTOiOnhRKI%2BVCxl%2BXcvjkxgkd5fxpggKyIxriKMVvvoaOHQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7decc4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 328516

GET
H3 200 10888.jpeg
fonolive.com/profiles/a875234f74a091615d5b2ea870bb5bba/280720/ 6 KB
7 KB 1819ms
1805ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/a875234f74a091615d5b2ea870bb5bba/280720/10888.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c2a53f37f553aadd86aa8b897b87aa171242710b269c02b0dfff5820c9bfde8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:46:26 GMT
server: cloudflare
etag: "1828-59d30ef8ed2f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oN32LsJmFJFbNUaybvqaNNnYS%2Bxao60bpQ9yNCM%2FC1mjWn97%2F5tAZELsVpQOqI9vTm3snoela9TN5kpP91dTyJyvdwF%2FwB4qzOWO3JSlpGormx%2FNeVpT0YLmVizodIQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dece4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6184

GET
H3 200 8737.jpeg
fonolive.com/profiles/701307e2c2c77b137f86c438a5633171/205881/ 4 KB
5 KB 1311ms
1297ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/701307e2c2c77b137f86c438a5633171/205881/8737.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9967eb2bd6c3dc5e9db3109798019bbd4f49a4dc992ff89c2af1e722cc16007d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:41:36 GMT
server: cloudflare
etag: "11d4-59d30de4629f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3ATPiwQ%2FE9PHRcBcB%2FSDcRGWKwQAqayGkxR7%2Fv%2Bxj%2BdJSFvVOI8pviFOFdtHiWt6W%2Bj%2F7z5JQV3Z0aXiIux2Oo1t0ZUhkfw0lBFPNAcxeJvGrZvuIGO5QIE%2FuMtLAs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7decf4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4564

GET
H3 200 13590.jpg
fonolive.com/profiles/9bc5f326abe5354945dd2dcde8afb4bc/454134/ 108 KB
109 KB 1772ms
1758ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/9bc5f326abe5354945dd2dcde8afb4bc/454134/13590.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a2ab5d86b083aa22e38cb0f4d4683ef537b468b14ae11933d8e0344e6001444

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Thu, 30 Jan 2020 04:57:09 GMT
server: cloudflare
etag: "1b166-59d544a12d10a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IyOq3JN9hNFTBxDWE0Z54KZ24DJkbA3QWAk0cxfpfR1xZCf9VufpxgRfZK6U10l6QH6RSlY6YnI5drQ4D1%2FtQYJbx%2B%2BrzoXOiJXhHfr%2Fg0CSBNh02tWosfd7wtuDO58%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7ded14309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 110950

GET
H3 200 15364.png
fonolive.com/profiles/30d7379d81c0d0c3937bc87c8fa7c998/532249/ 5 KB
5 KB 1949ms
1935ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/30d7379d81c0d0c3937bc87c8fa7c998/532249/15364.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b2d5f8feb067482c320f47b68ec2a27233a59d124bd09229af1b26961cce9bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
cf-cache-status: MISS
last-modified: Wed, 17 Jun 2020 18:55:11 GMT
server: cloudflare
etag: "139a-5a84c331ac8fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4EyrI0ra3oz2R3HOM5S9oa0ASy3SoK%2B2EfeHTZKVxff7j5c1oMnqN%2FG3txOlxU%2FRPieDTHLxDcTUKvGWwOuEYyqWX%2BOiLJ5GQ5se9pFSh12sL%2BSyRl2C8WWpIttZVbE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7ded24309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5018

GET
H3 200 5703.jpeg
fonolive.com/profiles/4c7d557a4409bbd2cf0bf3ede13542f9/193457/ 22 KB
23 KB 1604ms
1590ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/4c7d557a4409bbd2cf0bf3ede13542f9/193457/5703.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35175cacfd478017a1eb488452dc6e7ed4544a6114a10ff14e599a5dd35d4f64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:30:58 GMT
server: cloudflare
etag: "59d6-59d30b83ecb59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oNNuaYREJoBG2F%2FGr69ox%2FAcpWiMFqA6mPqKZTOECeBwGVnyFEJ4AVjgfxnZRlH0rGZnWFGTdutPgKi20z5LmBURngP%2F6NtIfTSIRyXwTK28g%2FKZFaL44CHreLSq7Sk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7ded74309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 22998

GET
H3 200 9504.jpeg
fonolive.com/profiles/0c8561b745fffc9aa4412da69bed2d7b/348771/ 65 KB
66 KB 1964ms
1951ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/0c8561b745fffc9aa4412da69bed2d7b/348771/9504.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93a67d13e4e376ca251f24aa507cf31790c1db4251748709a22ddfb84509e93f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:43:19 GMT
server: cloudflare
etag: "104b9-59d30e463baad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3M3GlBmoBIBRFrEkEafzr6yZGhviVP%2F%2F3DNzmNKi4z5CaqST69It%2Ba1li3Aoyjh919kaO9fODcre15GGpqYNFmSL%2FKkY79lR%2F0lbm7lvkY7hjszhgA%2ByrEtGZX4thyw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7ded94309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 66745

GET
H3 200 13030.jpg
fonolive.com/profiles/b13e8ba4108bd571c52934deea59ae77/432817/ 72 KB
73 KB 869ms
857ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/b13e8ba4108bd571c52934deea59ae77/432817/13030.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 640c546ad6ce06848151e46864cd4f9a755ad1d53c972535af70e482ef8a29f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: REVALIDATED
last-modified: Sat, 21 Dec 2019 05:38:32 GMT
server: cloudflare
etag: "121f0-59a303469dd14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ibuQ0JoN6nDmmAZ3%2BeZWuPjBv8HjdTVXlHuOS9e51odCCwXNmdK677Bp1DcA44xOt6dsa9Ki3tjX2FbOnUtKIAVn%2F7uR5nZGk6S1HIqAIc2iYZcnpKeDHAuZp3OIJhQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dea54309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 74224

GET
H3 200 13811.jpg
fonolive.com/profiles/0f1f4ed7e5de6d63d6c581267a44ed5f/456452/ 5 KB
6 KB 943ms
932ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonolive.com/profiles/0f1f4ed7e5de6d63d6c581267a44ed5f/456452/13811.jpg

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cee1ef99bae6c5d23a2d5d66634d74856b257e5f139ff2ac3854f8dfc4254a21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5517
last-modified: Thu, 13 Feb 2020 05:30:46 GMT
server: cloudflare
etag: "158d-59e6e6415a024"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKUXifdPgWhV7eGiFgd9qadLr7nA44Xyf4IkxGdrFhTgtZlrb8H6A9txNwZEetBuvNx4cqA9XRMNm86ACj4YsY7WLO3qEPvr4IobjAwmkqjTTDnYKlKJweI48TBoItw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
accept-ranges: bytes
cf-ray: 68dcaad7dea64309-FRA
expires: Sun, 12 Sep 2021 22:46:27 GMT

GET
H3 200 16678.jpg
fonolive.com/profiles/05cd97c3d6b269866d5da9b06e9a13f7/575274/ 2 KB
2 KB 1193ms
1181ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/05cd97c3d6b269866d5da9b06e9a13f7/575274/16678.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 249f2fcb19253e0d13549aae44b6361fbc139a519938fb5957cec19bab521e06

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Fri, 28 Aug 2020 16:21:59 GMT
server: cloudflare
etag: "792-5adf273bf41a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfdQxeOSFFW87hz9chgwAG1ASXZji5ymjMFtDTlrNiHvFaj8CI%2FEORqpR3gV1YFqcoLwdypAAE7CmLlfqoI6SE5GXGI24vk8kUkdfMTY9A0AZRBomGwL%2FNxSDL63Lao%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dea74309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1938

GET
H3 200 18990.png
fonolive.com/profiles/1b15cc7af2d0c226dcc09634da797f43/805368/ 27 KB
27 KB 635ms
623ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/1b15cc7af2d0c226dcc09634da797f43/805368/18990.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb75b03db85cedd0c8cb1516f0ed2b4bc10283501cd85d29c90372ec82d8d59f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
cf-cache-status: MISS
last-modified: Fri, 22 Jan 2021 20:38:12 GMT
server: cloudflare
etag: "6bad-5b9832aba5b52"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vh5zkWHy76lDxIdZeVisQL8exOaZfIzfVuYoFKRwyRXMn5jWyfEcuQsGffyEmznjCr523euUvN2fHLA7Hsic75vyWrfRbJOZvd2osUYS4m3s9uUSw7WoyNzQCbRUMI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dea84309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 27565

GET
H3 200 14471.jpg
fonolive.com/profiles/e0525613bf3cb864630c02467579f9ac/494434/ 29 KB
30 KB 704ms
693ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/e0525613bf3cb864630c02467579f9ac/494434/14471.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f368189e6a99373c892a96a53534783cf02f110ad3a85778f02803cc65ae0de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
cf-cache-status: MISS
last-modified: Wed, 08 Apr 2020 14:37:03 GMT
server: cloudflare
etag: "74cb-5a2c86f07ffea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2BfAQb%2BXWOL4BwLzcFru1elV%2FGMjgbQmzxPBrHVmnX1wsYN0iMt4TfedW0b4kp284jK8568txG5h3Fi9%2BR04J6F9fAABQ077svDOJm4hSLpZWhsnPTvmpav033984S8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7dea94309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 29899

GET
H3 200 21439.jpg
fonolive.com/profiles/760f34465d799d2718a5b758f7503ade/2838560/ 12 KB
13 KB 576ms
565ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/760f34465d799d2718a5b758f7503ade/2838560/21439.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9620cf344bdc85c81adb80205c010a04380db5a8334b8b00561acaddf054a173

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
cf-cache-status: MISS
last-modified: Sun, 25 Jul 2021 15:23:42 GMT
server: cloudflare
etag: "3069-5c7f438d342bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BdjMtLD%2Fbm9MqbVc%2BxNUkCe4ErUjrayaZl4O6pmGWRndwsIDi%2BLhFoF8mE7ovwoHqhcx7fqfTmbAe9vQ8mcb0Dcsjh2JG2vhRC%2BYCayjJ0k2njB57bbiEdaITbGj8WE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deac4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 12393

GET
H3 200 12301.png
fonolive.com/profiles/de38abe3b44adc48455158db92fd81f3/413548/ 14 KB
15 KB 989ms
978ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/de38abe3b44adc48455158db92fd81f3/413548/12301.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5148a6d00fb53a8c67d946e3b14eba63223df1600e7204c6fc13634cf34087ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:52:04 GMT
server: cloudflare
etag: "3810-59d3103addee7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=evrh9HVzwbzXrgN1KaOkMiI3DRszOWQcQzGwGL7InhHJVCxocPHWPhUKGqJTVhqDdn82Nlg517gRIU9wE8LesvO%2BURjE%2FIb0dAdzcXu3JNUQUVGZxEj7pZYhiRxemkc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deae4309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 14352

GET
H3 200 16495.jpg
fonolive.com/profiles/a7105101f1fdf1a69f3b6c9aa8bc1830/568442/ 12 KB
13 KB 736ms
725ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/a7105101f1fdf1a69f3b6c9aa8bc1830/568442/16495.jpg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ae5ee36b18ca0e4b11aaad6cca148ea2668e1c5e79bfd72632e282a66c4698f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
cf-cache-status: MISS
last-modified: Tue, 18 Aug 2020 18:47:19 GMT
server: cloudflare
etag: "2fc2-5ad2b511dd390"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4yMS5iOq9I43c3WqA9hdI20OMZ945X96vELIejZ7%2BJ4uMFdfWiHvhWCFARu0IryMHrsMVjaJjoBh%2FyJ89GtOhzgdoBtMnoadCenUwuCJserx13NJ%2B0hRyDxmlSaO7u0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deb04309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 12226

GET
H3 200 14143.png
fonolive.com/profiles/7ad44d39aa2961b51039a3f59ed18a71/476945/ 92 KB
93 KB 914ms
903ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/7ad44d39aa2961b51039a3f59ed18a71/476945/14143.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 802b621afc351db3ce3d23ac1ee1417623555f685a790e5af20a892b08c3abdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Fri, 06 Mar 2020 12:01:29 GMT
server: cloudflare
etag: "17125-5a02e69f097a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvuhJGP66eTnB1bv5fxXwINvOsPFnXo1OBkBkUpYg%2BbwsME20PNq%2Fw%2FkrEI6pnjxBXlA8ZL8%2FZfQW2xSw5yDzkSoc7BDfKjoqLC3W3YKWjtni1KkmgodS17Nidk0ENk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deb14309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 94501

GET
H3 200 8005.jpeg
fonolive.com/profiles/61ae8d1ae13123a25f994b7c8ec4e1d4/319073/ 78 KB
79 KB 1633ms
1622ms Image
image/jpeg 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/61ae8d1ae13123a25f994b7c8ec4e1d4/319073/8005.jpeg
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5afe499c8df1fda4fcb575fa4864d3247f8eece1ed818a1d18d8d187dda7c25c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 10:36:52 GMT
server: cloudflare
etag: "138e1-59d30cd518d18"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGOUFaGZZpUNnJIveuhlIbL7tEh24qKRIJNrI1lUxOSd2UYb%2FwsgLCuJm5a%2FQCuCvjxmz%2Fz607kEBfuvxEbMEAfljw6PzCG1BP%2BwsxGexIeWtNt2krd3Xcd8CeGgtE4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deb34309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 80097

GET
H3 200 18621.png
fonolive.com/profiles/46f26517576425e5ce126820017ecb89/719327/ 73 KB
73 KB 1059ms
1048ms Image
image/png 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fonolive.com/profiles/46f26517576425e5ce126820017ecb89/719327/18621.png
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48a7a25e4a343cbf531574dfb105b11ad00e698aebb359fa97d4f67f508a95ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: MISS
last-modified: Wed, 30 Dec 2020 07:56:31 GMT
server: cloudflare
etag: "122ed-5b7a9d86721f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EpKZO8%2BGAC14a62B33wPcHH5NI%2FJCGErAfjl7m6aoqozTEvOtroY9LI36kaagE%2B7PrmMFEVG8TaOkTEn85NKaL86IuWxZqcbCkuNOKcCiX7KJV6LhjGRHgSXIr1hgeI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400, s-maxage=10
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 68dcaad7deb54309-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 74477

GET
H2 200 onejs Show response
z-na.amazon-adsystem.com/widgets/ 22 KB
8 KB 430ms
387ms Script
application/javascript 13.32.28.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=6f38a3a8-4804-4981-ae71-349ed7411527
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.28.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-28-37.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 8ac599ef74d2dd25a1f4c753ce6819c9076283d19118fd9f73a39f8f343d3bdc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: Public
date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
charset: UTF-8
cache-control: public,max-age=300,s-maxage=300,no-transform
content-length: 7358
via: 1.1 a4af9b42c2ec29f616825af32712c204.cloudfront.net (CloudFront)
x-amz-cf-id: fckR_yN5d9ljqdqNKCvHOCG3wa5SZAPaR8951nf-Ikh5keMYSI6cMQ==
expires: Sun, 12 Sep 2021 22:50:39 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ 94 KB
33 KB 68ms
31ms Script
text/javascript 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 22:03:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 175335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33507
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Sep 2022 22:03:24 GMT

GET
H3 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 36 KB
11 KB 37ms
20ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 722, 617, 617
age: 12330794
cdn-cachedat: 2021-04-23 06:58:04
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 4d754b80063fefd140cd3ceef9432c00
cf-ray: 68dcaad7e954278c-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
31 KB 48ms
14ms Script
text/javascript 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 21:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264045
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 21:24:54 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 72ms
13ms Script
text/javascript 74.125.133.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f97.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 2893
date: Sun, 12 Sep 2021 21:57:26 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Sun, 12 Sep 2021 23:57:26 GMT

GET
H3 200 promoted-ads Show response
fonolive.com/ Frame 8DC2 5 KB
3 KB 1248ms
1238ms Document
text/html 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonolive.com/promoted-ads
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f89a9bdab535ebe4fd1aa9ba34f1fd5821c5f1e2ed1142576aca075251e30024

Request headers

:method: GET
:authority: fonolive.com
:scheme: https
:path: /promoted-ads
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=j7mgvv8pr3ao1ljk6l0ef3lgh6; path=/
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-mod-pagespeed: 1.13.35.2-0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjGwRzcTYTGOhjTi3iclZrwu0F9p%2BJiddtgIJlUtEk22cAHPSiTiTyfUkblDmFMdBuYpcD3y%2B%2BiyW1VM8hLZkGQrcYKAC%2BlQNTccZb4BTZTMuK134dsiATuxqeGams0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68dcaad7deb74309-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 x3dlckLDZbqa7RUs9MFVbN0msg.woff2
fonts.gstatic.com/s/engagement/v12/ 25 KB
25 KB 59ms
25ms Font
font/woff2 74.125.206.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/engagement/v12/x3dlckLDZbqa7RUs9MFVbN0msg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Engagement

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f94.1e100.net

Software

sffe /

Resource Hash

218086d4079f261aadbdef5797b020f5126924b866870672ba78436dd52f2707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://voticle.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 16:03:06 GMT
x-content-type-options: nosniff
age: 110553
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 25788
x-xss-protection: 0
last-modified: Fri, 19 Mar 2021 03:47:53 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Sep 2022 16:03:06 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ 14 KB
15 KB 47ms
13ms Font
font/woff2 74.125.206.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f94.1e100.net

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://voticle.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 14:47:03 GMT
x-content-type-options: nosniff
age: 547116
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:25 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Sep 2022 14:47:03 GMT

GET
H3 200 glyphicons-halflings-regular.woff2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/ 18 KB
18 KB 45ms
24ms Font
font/woff2 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Origin: https://voticle.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601
age: 2268823
cdn-proxyver: 1.0
cdn-cachedat: 08/03/2021 23:23:50
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 18028
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 35d6eed9c43bdc65efcdeac94d6dfb72
accept-ranges: bytes
cf-ray: 68dcaad7f8294113-PRG
cdn-requestcountrycode: CZ
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ 514 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bae9fc3e57c860103d1e03360ba3246e3b6c5bcaa6f3183ce8066cc69843a5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 654 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7560081f09d7c7cc914628f0d6f9bd2f91a1c33ccd0403e130c441c607d06f33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 888 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c462a751af6aeec10856860e6a0887193f98e3fe500686141d3cb0bdcdc042a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ae11b8d7458ea7d87d6889e190ad6b5701aaf6072f54df327f745c997c3a0d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 564 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fd9607fb490da15bcad08a1091da8b5b62069d578624da8711e2e59a1d72de49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 600 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b582acaf161db1ef436343a487e95a35a5ee579d35893ad726dce7fa4b85b4c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 568 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa300a570cc50f33f0dbe6fa43169017bb99a2518e002f72b5a445ae07f7edc7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 550 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3ff0a9b4b8ab001e88e276ee8eccb5c3ca12ac572d894de2732616cfeb7212b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 promoted-ads Show response
fonolive.com/ Frame 058F 5 KB
3 KB 1893ms
1892ms Document
text/html 104.21.54.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonolive.com/promoted-ads
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.54.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f89a9bdab535ebe4fd1aa9ba34f1fd5821c5f1e2ed1142576aca075251e30024

Request headers

:method: GET
:authority: fonolive.com
:scheme: https
:path: /promoted-ads
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=50292d4toa0r2lt930g0buh9g6; path=/
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding
x-mod-pagespeed: 1.13.35.2-0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ub1lYc3Ql0D0C6mmLuK2zT62LbEv11T%2ByV7EbomFh7pYsva%2BPJ4jVcwAMdvbVxsBTzSV59nzu%2FaqYLbUUwAag6oO3khFeyDfyQHhWNthlNJasv%2B5EOC%2BJ4OgwQN4TQI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68dcaad82f6d4309-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 29ms
14ms Image
image/gif 74.125.133.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=390303414&utmhn=voticle.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=The%20Keto%203DS%20Reviews%3A%20SCAM%20ALERT!%20A%20Legitimate%20Weight%20Loss%20PDFs&utmhid=492779060&utmr=-&utmp=%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&utmht=1631486739294&utmac=UA-38085162-3&utmcc=__utma%3D229138075.933783849.1631486739.1631486739.1631486739.1%3B%2B__utmz%3D229138075.1631486739.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1364550629&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f97.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/ 251 KB
93 KB 57ms
36ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

cadedca735c6ec45885014e69884b741d9ef44349cd95c9271ae066216d49f6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95406
x-xss-protection: 0
server: cafe
etag: 12270461373536854434
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Sep 2021 22:45:39 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210908/r20190131/ Frame 45AB 10 KB
5 KB 47ms
13ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210908/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210908/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 12 Sep 2021 19:21:16 GMT
expires: Sun, 26 Sep 2021 19:21:16 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 12263
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 201 B
656 B 74ms
26ms Script
text/javascript 74.125.71.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=voticle.com&callback=_gfp_s_&client=ca-pub-5121538459968588

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.71.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wn-in-f156.1e100.net

Software

cafe /

Resource Hash

a5e8deecebd13675e66a0270f6db1e8bac4cee809d3f01e264d80ce825d69ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 191
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 53ms
18ms Script
application/javascript 74.125.140.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=voticle.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.140.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 09B6 436 B
234 B 200ms
184ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=8250817351&adk=2440252158&adf=1492073588&pi=t.ma~as.8250817351&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739311&bpp=6&bdt=247&idt=106&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&correlator=227100715265&frm=20&pv=2&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=1&uci=a!1&fsb=1&xpc=QvZhQX4mmY&p=https%3A//voticle.com&dtd=120

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

0893af79ad47e41929d7c616911b62f4d0768ddc8aed122c305ce765410a033d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=8250817351&adk=2440252158&adf=1492073588&pi=t.ma~as.8250817351&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739311&bpp=6&bdt=247&idt=106&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&correlator=227100715265&frm=20&pv=2&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=1&uci=a!1&fsb=1&xpc=QvZhQX4mmY&p=https%3A//voticle.com&dtd=120
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 211
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 48ms
14ms Script
text/javascript 74.125.206.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f155.1e100.net

Software

sffe /

Resource Hash

74696de7db3cfc983f841facfdca75dbf4c114af467b05e23fe6d95694cab0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1631273431406706"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27627
x-xss-protection: 0
expires: Sun, 12 Sep 2021 22:45:39 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AFCC 436 B
236 B 184ms
183ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=9376916555&adk=3757388224&adf=3248948864&pi=t.ma~as.9376916555&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739317&bpp=1&bdt=253&idt=124&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=8YhOoizg6T&p=https%3A//voticle.com&dtd=128

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

25582d64d197e7a7ab204e2f9f2e285eb66e3d50f86187fa04eb4f599fff6557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=9376916555&adk=3757388224&adf=3248948864&pi=t.ma~as.9376916555&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739317&bpp=1&bdt=253&idt=124&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=1201&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=8YhOoizg6T&p=https%3A//voticle.com&dtd=128
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 213
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BFD4 436 B
234 B 190ms
190ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=8250817351&adk=2440252158&adf=1531977944&pi=t.ma~as.8250817351&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739318&bpp=1&bdt=255&idt=131&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=1801&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nw9mkLgKZ5&p=https%3A//voticle.com&dtd=133

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

637d9bee419d6a12875375302e5bfce70458c0fee1552e290619fa446444b9eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=600&slotname=8250817351&adk=2440252158&adf=1531977944&pi=t.ma~as.8250817351&w=165&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=165x600&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739318&bpp=1&bdt=255&idt=131&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1220&ady=1801&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nw9mkLgKZ5&p=https%3A//voticle.com&dtd=133
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 211
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 39FE 436 B
236 B 203ms
202ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=3333677467&adf=1475420161&pi=t.ma~as.8250817351&w=443&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=443x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739319&bpp=1&bdt=255&idt=134&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=733&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=4&uci=a!4&fsb=1&xpc=RmJ8tGbbmQ&p=https%3A//voticle.com&dtd=136

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

c258fa95207f32247df878b871040b36b44ca64b81e24699ae4301b9194be751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=3333677467&adf=1475420161&pi=t.ma~as.8250817351&w=443&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=443x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739319&bpp=1&bdt=255&idt=134&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=733&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=4&uci=a!4&fsb=1&xpc=RmJ8tGbbmQ&p=https%3A//voticle.com&dtd=136
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 213
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BE63 436 B
236 B 167ms
167ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=3531856095&pi=t.ma~as.8250817351&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739320&bpp=1&bdt=257&idt=137&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2656&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iParEqXXIL&p=https%3A//voticle.com&dtd=140

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

69f065839acb858a47a9a6da17f766ce773a4d5dbecc9929a67b39b97712e335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=3531856095&pi=t.ma~as.8250817351&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739320&bpp=1&bdt=257&idt=137&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2656&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iParEqXXIL&p=https%3A//voticle.com&dtd=140
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 213
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C4F8 436 B
236 B 214ms
213ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=9376916555&adk=3224866322&adf=2455508272&pi=t.ma~as.9376916555&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739321&bpp=1&bdt=258&idt=142&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=pADLIUZcWM&p=https%3A//voticle.com&dtd=145

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

0fea8655ff811d3d7a96ccff2a1535640caf6ae767316a78a1bbbf3d09b231b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=9376916555&adk=3224866322&adf=2455508272&pi=t.ma~as.9376916555&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739321&bpp=1&bdt=258&idt=142&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=pADLIUZcWM&p=https%3A//voticle.com&dtd=145
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 213
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0C3F 436 B
234 B 211ms
210ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=2688178878&adf=14637539&pi=t.ma~as.8250817351&w=360&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=360x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739322&bpp=1&bdt=258&idt=146&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1010&ady=3590&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=fVsxjAfDgq&p=https%3A//voticle.com&dtd=148

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

9edcd0639ed669b064c88c23b0a7f54e551309d3d3c5327620562d1d01865703

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=2688178878&adf=14637539&pi=t.ma~as.8250817351&w=360&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=360x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739322&bpp=1&bdt=258&idt=146&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=1010&ady=3590&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=fVsxjAfDgq&p=https%3A//voticle.com&dtd=148
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 211
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 44ms
16ms Script
application/javascript 74.125.140.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=voticle.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A8EF 16 KB
5 KB 151ms
151ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3025194257&lmt=1631486739&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739591&bpp=1&bdt=527&idt=1&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280&nras=1&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&ifi=9&uci=a!9&fsb=1&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

72732592aa19782be9f0dd18c06419f85e92d644496f061b6d365327cd5fc36c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3025194257&lmt=1631486739&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739591&bpp=1&bdt=527&idt=1&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280&nras=1&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&ifi=9&uci=a!9&fsb=1&dtd=6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 4891
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 12-Sep-2021 23:00:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 74.125.140.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=voticle.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D642 436 B
236 B 230ms
230ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=4127274632&pi=t.ma~as.8250817351&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739322&bpp=1&bdt=259&idt=150&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0&nras=1&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=4593&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=9IwM8Snnpd&p=https%3A//voticle.com&dtd=392

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

f54d5b8f038420489b4d59ddefdcea5bd0ba3a88bc04b77d906404d37030ca0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=4127274632&pi=t.ma~as.8250817351&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739322&bpp=1&bdt=259&idt=150&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0&nras=1&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=4593&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=1152&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=9IwM8Snnpd&p=https%3A//voticle.com&dtd=392
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 212
x-xss-protection: 0
set-cookie: IDE=AHWqTUnkLqwYeEzzbuZmhdaUKdI7zxA3WbVc__YuJTg7fHvuF35iKNOATpJVZ62Gsv0; expires=Fri, 07-Oct-2022 22:45:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 74.125.140.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=voticle.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FBDB 436 B
237 B 188ms
188ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&adk=617080280&adf=3730911173&pi=t.aa~a.3611581317~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=-M&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280&nras=2&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2676&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=10&uci=a!a&btvi=7&fsb=1&xpc=rFtoqOidXq&p=https%3A//voticle.com&dtd=11

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

1f900cd253194a3c578bbd96af01f1abed0c7f86de910bada78366d8f5e2c7fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&adk=617080280&adf=3730911173&pi=t.aa~a.3611581317~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1140x280&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=-M&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280&nras=2&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=230&ady=2676&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=10&uci=a!a&btvi=7&fsb=1&xpc=rFtoqOidXq&p=https%3A//voticle.com&dtd=11
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 213
x-xss-protection: 0
set-cookie: IDE=AHWqTUlXXmyVzXyL48fkZPYquI1KsPwT888n7raGxCA7nRq5bcPI7sOTnze9dxheY-M; expires=Fri, 07-Oct-2022 22:45:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F9A3 26 KB
11 KB 202ms
202ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=90&adk=2743202993&adf=3116027668&pi=t.aa~a.1977422338~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1200x90&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=0&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280%2C1140x280&nras=3&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=200&ady=3835&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=11&uci=a!b&btvi=8&fsb=1&xpc=A9xFWCJ06F&p=https%3A//voticle.com&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

f67f41ac441f872b66a88b2b75dabb408acc664926a6e798c889c7b7c8bbca7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=90&adk=2743202993&adf=3116027668&pi=t.aa~a.1977422338~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1200x90&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=0&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280%2C1140x280&nras=3&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=200&ady=3835&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=11&uci=a!b&btvi=8&fsb=1&xpc=A9xFWCJ06F&p=https%3A//voticle.com&dtd=14
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:39 GMT
server: cafe
content-length: 10976
x-xss-protection: 0
set-cookie: IDE=AHWqTUmm6no2_aWgRqgELT92VvIeyp_MlYHoFiiXO4VvzeMVqgH4d8o-edQSoN2xv-Y; expires=Fri, 07-Oct-2022 22:45:39 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 12 Sep 2021 22:45:39 GMT
cache-control: private

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C21B 0
0 19ms
18ms Fetch
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ch4EFE4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE8QFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRejaauSA34o15zrqphYp8or9vQgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01MTIxNTM4NDU5OTY4NTg4GAA&sigh=k4FrayO6Lrw

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=90&adk=2743202993&adf=3116027668&pi=t.aa~a.1977422338~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1200x90&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=0&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280%2C1140x280&nras=3&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=200&ady=3835&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=11&uci=a!b&btvi=8&fsb=1&xpc=A9xFWCJ06F&p=https%3A//voticle.com&dtd=14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 12 Sep 2021 22:45:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame C21B 0
0 93ms
25ms Fetch
image/gif 34.95.89.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kr5h5c19n7k6nden977dr9gyvv01k7d7w1pegf6fqrbg4dtwvzwghcgsgne7zvb13yfbfjdvefm5bvhr7bvbsygcjse1ft277wy8rm0vvyn2fyw9a90hfadezzcjr5gdnv3bpq9h2csm17qmxa27rvf3ffzbek6gs79rzx8hbthycae2j6krgmgta38vb7st2tc3hgbhzz1bq5hd8ewwqgb9g0v5ryha3rgwxxjmqcnwg3d8gf79a31j68rdpgmh0nja4tqqrnsy9vca3jdse6q1wmjchzk17pmvzxx3n77jq0v9k4csrpq7s7nnrf8bth0dyj149jgxckvhfy3qxzq0da2cy9a7sqj8vqbwpp699mh1c9602f81zaxfnk6p65dhyjkhg&b=YT6DEwAMhbEIFUBAAAXuFXD2llespT-SWiOy1w
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.89.54 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 54.89.95.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 12 Sep 2021 22:45:40 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame E57A 2 KB
3 KB 113ms
45ms Document
text/html 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=90&adk=2743202993&adf=3116027668&pi=t.aa~a.1977422338~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1631486739&rafmt=1&to=qs&pwprc=8256796650&psa=1&format=1200x90&url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486739781&bpp=1&bdt=718&idt=0&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0a4f14cecf23f2a6-2237780d1dcb0045%3AT%3D1631486739%3ART%3D1631486739%3AS%3DALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA&prev_fmts=165x600%2C165x600%2C165x600%2C443x280%2C1140x280%2C1140x280%2C360x280%2C0x0%2C1140x280%2C1140x280&nras=3&correlator=227100715265&frm=20&pv=1&ga_vid=933783849.1631486739&ga_sid=1631486739&ga_hid=492779060&ga_fc=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=200&ady=3835&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062519%2C31062492%2C31062297%2C31062094&oid=3&pvsid=1055957755318994&pem=130&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=1152&bc=31&ifi=11&uci=a!b&btvi=8&fsb=1&xpc=A9xFWCJ06F&p=https%3A//voticle.com&dtd=14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc27c98585fe5c7e365646e82394a8817181497e7acca9f7d66113d770ebbf13

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 68dcaadd9bc8f9d6-PRG
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/ Frame C21B 2 KB
1 KB 71ms
19ms Script
text/javascript 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 17:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18911
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 17:30:29 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5720 1 KB
749 B 20ms
20ms Document
text/html 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 12 Sep 2021 05:09:05 GMT
expires: Mon, 13 Sep 2021 05:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 63395
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C21B 125 KB
38 KB 49ms
25ms Script
text/javascript 74.125.206.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.206.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f155.1e100.net

Software

sffe /

Resource Hash

1b6abcd01d2337e70b8fdde5a150175d2d4a3231d464e25b9cbdb5bac2bfcd2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1631273423644667"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 38649
x-xss-protection: 0
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/ Frame C21B 14 KB
7 KB 69ms
17ms Script
text/javascript 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210908/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 21:55:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3019
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Sep 2021 21:55:21 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5720 35 B
463 B 49ms
8ms Image
image/gif 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKXeQySC9i0swwiqXQCSxGY&google_cver=1&google_push=AYg5qPI_aj2EkBOK3TySUPDN6qUadCJfM02Y00CoX9xXpXUr0X3QtqartC0Hh1TxrBxUaFFmfS61ViSrxFWInkju_TIa-mHUbcjo

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:40 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5720
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIDeqodW7mpOdOHvBpb-lHgF6UmWdkLDOBM5UQ099kLx4uagLMeooVegdZxorP35msxFpm3IPuGo0aLn4bwKnEsRabacEkO&google_gid=CAESED04Udcn48m803sU0X19rRI&goo...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJSG-okGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBJRGVxb2RXN21wT2RPSHZCcGItbEhnRjZVbVdka0xET0JNNVVRMDk5a0x4NHVhZ0xNZW9vVmVnZFp4b3JQMzVtc3hGcG0zSVB1R28wYUxuNG...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYlMwdGw2NWt2aTRPZnZXakl6aHhNM3FrVjRhajVmeGxnNXhNVTNIYVd0bw==&google_push

170 B
188 B

40ms
29ms

Image
image/png

173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYlMwdGw2NWt2aTRPZnZXakl6aHhNM3FrVjRhajVmeGxnNXhNVTNIYVd0bw==&google_push

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 12 Sep 2021 22:45:40 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwYlMwdGw2NWt2aTRPZnZXakl6aHhNM3FrVjRhajVmeGxnNXhNVTNIYVd0bw==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5720
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIxiDeC...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIxiDeC...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MTIyMjQ1NDAwMDAxMzk2NzYxOTk5MQ%3D%3D&google_push=AYg5qPIxiDeCtMoBnPxbnua8W_D0lum9C0sMcL3zBkxbnmAqz0gQeoZwa1c-vborwh0hs6...

170 B
188 B

26ms
26ms

Image
image/png

173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MTIyMjQ1NDAwMDAxMzk2NzYxOTk5MQ%3D%3D&google_push=AYg5qPIxiDeCtMoBnPxbnua8W_D0lum9C0sMcL3zBkxbnmAqz0gQeoZwa1c-vborwh0hs6s0k6alsOTjni9aQvO57I2qVetD2zoz

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MTIyMjQ1NDAwMDAxMzk2NzYxOTk5MQ%3D%3D&google_push=AYg5qPIxiDeCtMoBnPxbnua8W_D0lum9C0sMcL3zBkxbnmAqz0gQeoZwa1c-vborwh0hs6s0k6alsOTjni9aQvO57I2qVetD2zoz
pragma: no-cache
date: Sun, 12 Sep 2021 22:45:40 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5720
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEIoONVM_5Ebe0KbNWl8TV1M&google_cver=1&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY
https://rtb.openx.net/sync/dds?google_gid=CAESEIoONVM_5Ebe0KbNWl8TV1M&google_cver=1&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY&google_hm=TxVUJQRDzmEOgDMGP-nS7w==

170 B
188 B

34ms
28ms

Image
image/png

173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY&google_hm=TxVUJQRDzmEOgDMGP-nS7w==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:39 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJef21vPy3Vu0llxlb2eTwm0EQxkSTKV_cNWF966EdWx0Un3Qi6IuhtybSKBQH-DfMBLODCwrZhgSgGwfBLJ8GysMQdvcpY&google_hm=TxVUJQRDzmEOgDMGP-nS7w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: e1ccudq3trk5d35pce6d5ak7pn4m9bip

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5720
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m6vmh8CAQKirdXJ-wne7iw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

28ms
27ms

Image
image/png

173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m6vmh8CAQKirdXJ-wne7iw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKUt2kh9QYoNynCj5lRCMAdRTMAHlDOCla1_8vZWqgwjl5dMOGyM0F9_RBiEZWx00E0w5jnzMeqQrWhzkJZO85_EN-U0p4

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m6vmh8CAQKirdXJ-wne7iw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKUt2kh9QYoNynCj5lRCMAdRTMAHlDOCla1_8vZWqgwjl5dMOGyM0F9_RBiEZWx00E0w5jnzMeqQrWhzkJZO85_EN-U0p4
date: Sun, 12 Sep 2021 22:45:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5720
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEA5lSevmniILuEdA0K_vni0&google_cver=1&google_push=AYg5qPLn0aX2vcgVrKtGlub-MbOkcn0P0R_wPcLIbt837sZyp8Qo2buf4vrNnBNZDC63N3Po2Wz...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RIVDJYRUktVi1FQlNF&google_push=AYg5qPLn0aX2vcgVrKtGlub-MbOkcn0P0R_wPcLIbt837sZyp8Qo2buf4vrNnBNZDC63N3Po2WzQ9iNkl0xis4ysDAp4uL_5cjo

170 B
188 B

51ms
27ms

Image
image/png

173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RIVDJYRUktVi1FQlNF&google_push=AYg5qPLn0aX2vcgVrKtGlub-MbOkcn0P0R_wPcLIbt837sZyp8Qo2buf4vrNnBNZDC63N3Po2WzQ9iNkl0xis4ysDAp4uL_5cjo

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1RIVDJYRUktVi1FQlNF&google_push=AYg5qPLn0aX2vcgVrKtGlub-MbOkcn0P0R_wPcLIbt837sZyp8Qo2buf4vrNnBNZDC63N3Po2WzQ9iNkl0xis4ysDAp4uL_5cjo
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 5720
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5720 0
244 B 53ms
14ms Image
text/html 173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ICEMdTlmEM7ZVXWaOrnEkxrHeljsKxt5xFNtpVyxDXhc6Te0xYq3mGDTtXQXJqfgoGM3_j

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame C21B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a817a6746d578685f4a3301a8a8c74ad0936307987013676c77d6c2788bde828

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.8/one-ad/ Frame E57A 64 KB
8 KB 40ms
24ms Stylesheet
text/css 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.8/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

611d8874cd6a661e6779751ba6a62bfbb7fa496d36b847c4e7fcf69279c70f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 975301
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 01 Sep 2021 15:50:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 68dcaade1db6f9de-PRG
cf-bgj: minify

GET
H2 200 fxpcopuw.js Show response
ad4m.at/ Frame E57A 36 KB
13 KB 33ms
25ms Script
application/javascript 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 59832
x-guploader-uploadid: ADPycdsUdR9FblQ0P4oocMyloJkszXZYgbI2aVBfpdop5oje5u3sGVopupUWSXoY9twYXhTLyL6vyRFdF1nq3FjuJZw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Wed, 08 Sep 2021 05:18:43 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bpp10RpUnZrqKyDoHLAnqiigwa52nezqqlX%2BmVXAT7nyzfcm3rrWPo2tJBCGOOrYZaU0ayA6eKYVjLsHxfClF0K2HEblroEU%2FutSH9K7bjbIpk9PkB5nJcs%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1631078323262956
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 68dcaade0c1cf9d6-PRG
expires: Sun, 12 Sep 2021 06:08:28 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame E57A 3 KB
4 KB 74ms
22ms Image
image/png 172.67.68.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.8/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.68.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8244347
x-guploader-uploadid: ABg5-UxHcnICLk7b7YkQQi88NGVF0WMcchfK1mG4dUlgFuCeLMEQbekxBAvPJ_LFWK4ZMOrhD-KiD3x1E9pCiaLs4VNde3QtWA
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BA28JAmgzPirZ63GJFhgKQ%2FeiPNAwolTrvG0L4NAqZ%2F%2F0OmlOItMq%2B0klwxS2bogySzPjSE0a6F6sXo86nmR6RHAqbEWMfx162gsImqQxSMMaKsZMgZK%2FGhAx%2BSFrHwOQCmsrnpb"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 68dcaade9b8c413e-PRG
expires: Thu, 09 Jun 2022 12:39:14 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 0A92 2 KB
2 KB 26ms
26ms Document
text/html 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-type: text/html
x-guploader-uploadid: ABg5-Uwn3myKqNzKJaXHyUiZqbP8NSrxOcbkyaRD5NRgbFtq-4RIcqJ4vnL2qiKZKS--51-luBSbS_wwXQ-ancMVjw
expires: Sun, 12 Sep 2021 23:45:40 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 1617188
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yYlYahZRca8MGd%2BSlLUcrFCfK%2BKHarXuDdwah6rAqDZvcperBS6AFzKUeesbq96NekFMDptYjBBTp2jl9iaGbCKzppouF%2F4IvIFQ9%2F7QM9a0ixA28%2FCq7VQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 68dcaade5dd0f9de-PRG
content-encoding: br

POST
H3 200 rs Show response
ad4m.at/ Frame E57A 2 KB
2 KB 38ms
37ms XHR
text/plain 172.67.74.129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.74.129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc3a74107e777c84ca6577009fdd1c3be9f30a6d49f9a3ede9331f310c839962

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 68dcaadefa1c4108-PRG
date: Sun, 12 Sep 2021 22:45:40 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NAv7SYb9x3FXBIUjXv5K3qdLBrpPyAu3yBjYpjUUiXdsBW6fqkxth24etTvScAB9ToYoHFV45NlrQ4aO1zs6wR7nKNpKG5%2Fv9ax%2FFsvApPQaHyLVlImkods%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: aa-reachservice-group-europe-west1-ms1b

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 53ms
37ms Preflight
text/plain 172.67.74.129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Server: 172.67.74.129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-type: text/plain
content-length: 24
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-headers: content-type
allow: HEAD,POST,GET,OPTIONS
x-backend-server: aa-reachservice-group-europe-west1-ms1b
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9UQ804yikgCbdCmTtsfXePFUQl9ACZGQcltJeTjAnW1b5QkjL07%2BU7y0GqOyvF9vxNO4e2Ll75VjvgZDz%2FUqrqlywGQX09E0ZGADzktGBi%2FQ2cHBCu8NQM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68dcaadeb9f84108-PRG

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame B0E1 6 KB
4 KB 34ms
33ms Document
text/html 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec51d275bd935adb4819818085eb8825b0a8171d929e660f1bce63dfc191ca3b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://as.ad4m.at/ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1jw3bejqj0xa2mk3rc83wgtwrt6nt2c7g4dgn9kpx0dc63dwkqgg58pa5mqb8aensaab84a67dy7b5tasn62nxbwc5me5dkpqjndkej9m9znbsvc1qnmf6veqnz8n68q3rjt5mnkwmj2bhvmwa0n1e5pysepbe11e1hemtp3wqser2gy5z6x88gga6xec4hmtncaye8zf6aba2pp3m0xq8rgkekjtk0n4xzgdnzw3xc4pha5cvg2bjgr0n9v8zbeq128sessswzag51javq13wx7h99a5d9kkdkzqw3x6an6wmp24bcpqt42t3b00a6wstt109yg75r9ypq14r18nb4vv3gr6ab5aqwjefbm2wktg10kbfzt316gyye0ry6wh9bwqy3fzrvv5rz2kk2v45g&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%26client%3Dca-pub-5121538459968588%26adurl%3D

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 68dcaadf3e45f9de-PRG
content-encoding: br

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.8/one-ad/ Frame B0E1 64 KB
8 KB 24ms
24ms Stylesheet
text/css 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.8/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

611d8874cd6a661e6779751ba6a62bfbb7fa496d36b847c4e7fcf69279c70f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 975301
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 01 Sep 2021 15:50:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 68dcaadf8e68f9de-PRG
cf-bgj: minify

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame B0E1 18 KB
19 KB 46ms
29ms Image
image/webp 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 29441
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ADPycdtwGtMsFSwzi5RYeE99i2F9vuj45EfB6aAb9kdTilYucPhK3bnlLbrQey9bqMlZ3l5EHgKME41fsAT4-VlIBk8
x-goog-storage-class: MULTI_REGIONAL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RWRYp%2F4QKWBawyccJA8KUbfmIbKX9tEhu6If2wBkHagTRj3PXToxAVim7tMXLdCQSVv4apTlDWhaAo%2FMx6nHPZNFog%2FAA%2Bo3jau%2FGDjTrDUPYq9KRadgkbJ8xAA1dqNs"}],"group":"cf-nel","max_age":604800}
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 18872
cf-ray: 68dcaadf9d11f9d6-PRG
expires: Mon, 13 Sep 2021 22:45:40 GMT
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
x-goog-generation: 1589805029334103
access-control-allow-origin: *
access-control-expose-headers: Content-Type,Content-Length
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
content-type: image/webp
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame B0E1 2 KB
2 KB 56ms
39ms Image
image/webp 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9162
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ADPycdv4B7dP4oAnliyjAL-huqCjnXVeXl7C79F1nTZcN8ILo--uUmSZs92fTtCgsIazM3Q69OUPw01JJCS_rtbqJK0zeqNzcg
x-goog-storage-class: MULTI_REGIONAL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNB9fcC7rJ%2BcSPE2N6vl0i8KXVdbVqqyUOBtC%2Bom1FKnrx%2FlVzX4zPD0bCNk%2F7tYYR6ULSENzcBmZDll7EvrB6fRB99lLPSDEs8NwWdaJpp9%2BMlGeLkBKt4b8qeS5b45"}],"group":"cf-nel","max_age":604800}
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1598
cf-ray: 68dcaadf9d10f9d6-PRG
expires: Mon, 13 Sep 2021 22:45:40 GMT
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
x-goog-generation: 1611162235947637
access-control-allow-origin: *
access-control-expose-headers: Content-Type,Content-Length
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
content-type: image/webp
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B0E1 43 B
702 B 126ms
36ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneide7RC3fVfxBVcjHZHet1teW3sjTQTx8Joneid__asuidVBktPQgDX8EL3OQ2y62KsseA5_4EHJmSasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 22:45:40 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame B0E1 38 KB
39 KB 57ms
41ms Image
image/webp 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 94210
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdv5wkdZ6Mdkq4CaJsYZX_NlafGlXLtTqqGXwZG8d7VhGSgEuw_6k2iiPIgKikMLyq0jH9y0PQDg5zS9L-Al36U
x-goog-storage-class: MULTI_REGIONAL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoiKJDGdep%2FNpNmbHoNSJX2tFbYJVdJ1UdWrFJ2lEgSPIYcK18mHocVU9Oum6poo9tqQPXhmto%2BLuDE%2B9rhd98uGjbgIT4bR%2Bhyjg3Bf0R7M%2F6m3G86A67Cu9dlGlbWi"}],"group":"cf-nel","max_age":604800}
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 39202
cf-ray: 68dcaadf9d09f9d6-PRG
expires: Mon, 13 Sep 2021 22:45:40 GMT
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
x-goog-generation: 1579698701189315
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
content-type: image/webp
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame B0E1 113 KB
113 KB 57ms
41ms Image
image/webp 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 28670
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycdu1ryUkRjJusbiNOE4RO2Ad-qkHZ7xgFNyQNT_sSuCaRqt3lTnnft7JEo_ETrqdsClsrJHdQbrZALl8ZUEqHcs
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 115268
expires: Mon, 13 Sep 2021 22:45:40 GMT
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uRg5Tftlnb4tdS06XV8%2F9sb4Vl4NGsS%2BDgPstfLGIWmSvfd5Ja2i2bCFjoXnespgI9XK%2BVIumwv1OAeNn0vznPERgRyktGmNQYUM4Zdd78I0DRArN%2FJHQQCNz2Egnzh"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
access-control-allow-origin: *
content-type: image/webp
access-control-expose-headers: Content-Type, Content-Length
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 68dcaadf9d0cf9d6-PRG
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B0E1 43 B
703 B 125ms
35ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneide7RC3fVfYpcjHZHet1tbrzUjTQTx8Joneid__asuidVBktPQgDX8EL3OQ2y62KsseA5_4EHJmSasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 22:45:40 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame B0E1 8 KB
9 KB 55ms
39ms Image
image/webp 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 98379
cf-polished: qual=85, origFmt=jpeg, origSize=16723
x-guploader-uploadid: ADPycdufD5kv1JcDfyR5Da87vPLLzQjDpkl-Xpc2SJXilOlXxKZ1Ax_0O1pApPMrLipHlAEMHIiCAtWsh_oXPL1PP38
x-goog-storage-class: MULTI_REGIONAL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KPpB5P14i7HK8PL95l6sq62dFE4UMpmBqNVRcorjIkTVvbt1nJp80UEEdtXcRJZI1f59b5HiQ2FxFr504st%2FLbrbiVvrx3PIvWWA60JfuMTy0UkT%2BFdmrahMUzjWcnhu"}],"group":"cf-nel","max_age":604800}
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8354
cf-ray: 68dcaadf9d0ef9d6-PRG
expires: Mon, 13 Sep 2021 22:45:40 GMT
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=tG7Jcw==, md5=BMt+wgXOo1EVeu/7mY86hQ==
x-goog-generation: 1579698787150900
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length
cache-control: public, max-age=86400
x-goog-stored-content-length: 16723
accept-ranges: bytes
content-type: image/webp
cf-bgj: imgq:85,h2pri

GET
H2 200 F49C2EAC44796C3CC36B7EB8176E57DD4979BB6953D52AE3EC354AC4722C65BE111766AA7B1FD623B46255E02B9A1FD3C70187E6A3B399F7EA1DA8FBFD78D485
assets.ad4m.at/ Frame B0E1 35 KB
35 KB 39ms
24ms Image
image/webp 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/F49C2EAC44796C3CC36B7EB8176E57DD4979BB6953D52AE3EC354AC4722C65BE111766AA7B1FD623B46255E02B9A1FD3C70187E6A3B399F7EA1DA8FBFD78D485
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffbf2d2525e0baabd5fdf5289510e03e86ccb28dc9767ef58bf483077f3bfc75

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11704
cf-polished: qual=85, origFmt=jpeg, origSize=40264
x-guploader-uploadid: ADPycdsdaoMTpFWbKAjCWRQpeKO7RqU7vSrk36PnKZkVYbiPOhyLvejvp9t6N67yxra301ZHz_0wP8_MrZxEb8c02MI
x-goog-storage-class: MULTI_REGIONAL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9cs4sGIQ0fSjwFuCbatFd6KCQzuwM1hSEz0NjIVVWRiQ6jinsrhMy%2BQHoCkcS6bIfQ9vIqabPak1qzYT7Mzdgid1MEZys0LfH%2BZJHrjphyvFVD%2FlvighMxT3JUxeDLP9"}],"group":"cf-nel","max_age":604800}
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35504
cf-ray: 68dcaadf9d0af9d6-PRG
expires: Mon, 13 Sep 2021 22:45:40 GMT
last-modified: Wed, 19 Feb 2020 17:37:15 GMT
server: cloudflare
etag: "9eb405de815dd9d9e1f1e47322ddf6dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
x-goog-hash: crc32c=DWwdxw==, md5=nrQF3oFd2dnh8eRzIt323A==
x-goog-generation: 1582133835673152
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length
cache-control: public, max-age=86400
x-goog-stored-content-length: 40264
accept-ranges: bytes
content-type: image/webp
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame B0E1
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CKPT-9zB-vICFYgi0wodymEIHA;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidVBktPQgDX8EL3OQ2y62KsseA5_4EHJmSasuid__dc_reach_suite02wkz&gdpr_cons...
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1631486740_27c531b1-141b-11ec-8a78-692d0556460e

0
518 B

53ms
10ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1631486740_27c531b1-141b-11ec-8a78-692d0556460e
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=e7RC3fVfxBVcjHZHet1teW3sjTQTx8J%2Ce7RC3fVfYpcjHZHet1tbrzUjTQTx8J%2C62Zcef3f6wmheHmHYtkt5kmt2T1T2qJ&f=DjeT3fwfbqPS3HmH9twCwAmFWTmTk8r%2CDjeT3fwfe9T3HmH9twCEjxTWTmTk8r%2CXxVfzfrfp3Bh6H4Het1CxXpUBTkTXKP&c=728&d=90&e=VBktPQgDX8EL3OQ2y62KsseA5_4EHJmS&g=93307ec75547ac8f044fc615977a14ef%2F11521784037694221147&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&r=1631486740326&h=%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hqqg40m3y2699khykzdhj9btmxek8r8b72t417eany6ecbjbnr9jsybrgeq4rzpdztxahw4mq3b19n6vv075rmq4agx7s0xjkfe1eqq1030pjzkn1hzdrasd40erbdwdehj3m7b4x96c4h35a6b2m8peqxrk24spba2w8mps1y0xcz3mtqwj78ge6gc5fn6kwpftzvz022d79h1q3gt64x4t7y8kh1d61gf9jkzzys1kmmw3wa70kdzf4s3ge1fvkkf4x2w8n6s4%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC73Z3E4M-YbGLMsCA1fAPldyXgAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTUxMjE1Mzg0NTk5Njg1ODigAcKu6N0DyAEJqQJPYlRY5dCzPqgDAaoE9AFP0HSU5KTTCScLRcTs6khhDTZ6YqQOi9eFocxiKF3Tfap4-5kHBRmWC3JEZ8RHgTgVFt-MWKN32BfRBbviJi1ZNI201nYYjU4AyONyBcfo6pODj0ja13xcaQ9Y_ktUGXvSlHKZVzkD7AJg12U09L6ezgcevkeJ0t5BsZJQLtlr1BqXnzJVnIfXg00hw_BkoEtjHfMiI-q373jJsytRiqC3R2L-Q9TbwJKGg1gSfVWvzxVMkOEb6yzOjm99W9rF7sLfUTCeDpU3ajeggon29b_b0Ycf1LRea-JNj6kPHfRez6Sj2totJB67KeL3uNa6XeLEFVuFgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_2e37LaQnk7ZE3nTFHM-wmQWFBpDw%252526client%25253Dca-pub-5121538459968588%252526adurl%25253D&y=1&z=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Sep 2021 22:45:40 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Sun, 12 Sep 2021 22:45:40 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1631486740_27c531b1-141b-11ec-8a78-692d0556460e
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 8DC2 376 B
299 B 48ms
25ms Stylesheet
text/css 173.194.76.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Engagement

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f95.1e100.net

Software

ESF /

Resource Hash

a58ca0e14e9b06ff94afa9d0d13ea965f64ad7c2c716b0ecc502da670d406cee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 22:21:04 GMT
server: ESF
date: Sun, 12 Sep 2021 22:45:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 8DC2 2 KB
546 B 46ms
25ms Stylesheet
text/css 173.194.76.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f95.1e100.net

Software

ESF /

Resource Hash

3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 21:53:45 GMT
server: ESF
date: Sun, 12 Sep 2021 22:45:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H3 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ Frame 8DC2 118 KB
20 KB 22ms
21ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 12330793
cdn-cachedat: 2021-04-23 06:29:02
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 0c1438d850d826813ba255e2978df727
cf-ray: 68dcaadfb809278c-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H3 200 bootstrap-theme.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ Frame 8DC2 23 KB
3 KB 19ms
19ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617
age: 12330771
cdn-cachedat: 2021-04-23 06:57:14
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: d48273a4dc293fd41c89c1723d9350d4
cf-ray: 68dcaadfb80c278c-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8DC2 138 KB
48 KB 30ms
29ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

584da571f67b1e738befcc9acc3412dcb324f43ac172257ee967b6ba8e11621e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49434
x-xss-protection: 0
server: cafe
etag: 7772695300083110601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H2 200 dmedianet.js Show response
contextual.media.net/ Frame 8DC2 148 KB
50 KB 55ms
23ms Script
text/javascript 104.76.200.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU24V3HJ

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.76.200.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-76-200-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e6601349e296be940d07749fc97ef0f3b73f4b9c9dbc0a5e6bb71276692305cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-mnt-h: 8-18
content-encoding: gzip
server: Apache
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
etag: "69d252cde79460c87a725743d4407528"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Sun, 12 Sep 2021 22:45:40 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-11
expires: Sun, 12 Sep 2021 22:50:40 GMT

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ Frame 8DC2 86 KB
30 KB 28ms
14ms Script
text/javascript 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 21:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264046
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 21:24:54 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 8DC2 99 KB
26 KB 110ms
35ms Script
application/x-javascript 185.60.218.24
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.218.24 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-otp1.fbcdn.net

Software

Resource Hash

335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25999
x-xss-protection: 0
pragma: public
x-fb-debug: pcYp8/ovYEcq6P5LhfHUJEnzQorX3QwDbNYstVKZQvbFBxSoxJeL3yT/r/ey2n8jQTkKwJdpimT8WjWOyPs7ug==
x-fb-trip-id: 1082456386
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 12 Sep 2021 22:45:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/ Frame 8DC2 251 KB
93 KB 42ms
42ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

cadedca735c6ec45885014e69884b741d9ef44349cd95c9271ae066216d49f6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95406
x-xss-protection: 0
server: cafe
etag: 12270461373536854434
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8DC2 107 B
122 B 16ms
16ms Script
application/javascript 74.125.140.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=fonolive.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9510 7 KB
688 B 65ms
64ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755397&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740526&bpp=1&bdt=107&idt=63&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=5678188639733&frm=24&ife=1&pv=2&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.d66kvp2ylk4z&fsb=1&dtd=71

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

f5bde15003ebeb4e0b3a7aa54533c21213d7ab2fb5a39900384141674769d5ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755397&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740526&bpp=1&bdt=107&idt=63&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=5678188639733&frm=24&ife=1&pv=2&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.d66kvp2ylk4z&fsb=1&dtd=71
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmm6no2_aWgRqgELT92VvIeyp_MlYHoFiiXO4VvzeMVqgH4d8o-edQSoN2xv-Y
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:40 GMT
server: cafe
content-length: 667
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8DC2 72 KB
27 KB 24ms
24ms Script
text/javascript 74.125.206.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.206.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f155.1e100.net

Software

sffe /

Resource Hash

74696de7db3cfc983f841facfdca75dbf4c114af467b05e23fe6d95694cab0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1631273431406706"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27627
x-xss-protection: 0
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FDF2 436 B
233 B 106ms
106ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856640&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740527&bpp=1&bdt=108&idt=79&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5678188639733&frm=24&ife=1&pv=1&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.fvby0qdigz7g&fsb=1&dtd=82

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

fb549c51a54fea69b6e0d713a317aba12c4ad6450a17362e4c2ad7c47f33df50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856640&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740527&bpp=1&bdt=108&idt=79&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5678188639733&frm=24&ife=1&pv=1&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.fvby0qdigz7g&fsb=1&dtd=82
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmm6no2_aWgRqgELT92VvIeyp_MlYHoFiiXO4VvzeMVqgH4d8o-edQSoN2xv-Y
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:40 GMT
server: cafe
content-length: 212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 599283737456594 Show response
connect.facebook.net/signals/config/ Frame 8DC2 306 KB
87 KB 165ms
130ms Script
application/x-javascript 185.60.218.24
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/599283737456594?v=2.9.45&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.218.24 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-otp1.fbcdn.net

Software

Resource Hash

d7987faa6b5a2695914ebd197d709371b723a07945e82f9dbc47fd9948632428

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: U1kAYJ+LtCTQjEPfNJfb8oI+9+enLVNjLksYvrSE5MqT2UtSZVd+Gp0wd13eQvH6KM86DvISRWKr64FTvFVEZQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 12 Sep 2021 22:45:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 8DC2 44 B
313 B 113ms
35ms Image
image/gif 185.60.218.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=599283737456594&ev=PageView&dl=https%3A%2F%2Ffonolive.com%2Fpromoted-ads&rl=https%3A%2F%2Fvoticle.com%2F&if=true&ts=1631486740872&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=30&it=1631486740620&coo=false&exp=p1&rqm=GET

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.60.218.35 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-otp1.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sun, 12 Sep 2021 22:45:40 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8DC2 11 KB
8 KB 33ms
18ms XHR
application/json 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210908&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

20f7435a3af8774e148a1de38fb842a5fac746b8ba36005a5c78f3ea16017829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8536
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8DC2 17 KB
6 KB 72ms
37ms Script
text/javascript 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 8039 12 KB
5 KB 29ms
28ms Document
text/html 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 12 Sep 2021 19:19:51 GMT
expires: Mon, 12 Sep 2022 19:19:51 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 82E3 783 B
1 KB 84ms
31ms Document
text/html 74.125.206.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.206.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f99.1e100.net

Software

GSE /

Resource Hash

5c1d0c4d3e5c98ea70dacaccc0c258fd5d17917b7184b21ad82b8d35a781c682

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/+4XDWpLXPJBOvpetxd60g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 12 Sep 2021 22:45:41 GMT
date: Sun, 12 Sep 2021 22:45:41 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-/+4XDWpLXPJBOvpetxd60g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 css
fonts.googleapis.com/ Frame 058F 376 B
299 B 23ms
23ms Stylesheet
text/css 173.194.76.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Engagement

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f95.1e100.net

Software

ESF /

Resource Hash

a58ca0e14e9b06ff94afa9d0d13ea965f64ad7c2c716b0ecc502da670d406cee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 22:16:59 GMT
server: ESF
date: Sun, 12 Sep 2021 22:45:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 058F 2 KB
546 B 25ms
25ms Stylesheet
text/css 173.194.76.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.76.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f95.1e100.net

Software

ESF /

Resource Hash

3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 12 Sep 2021 22:14:12 GMT
server: ESF
date: Sun, 12 Sep 2021 22:45:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ Frame 058F 118 KB
20 KB 20ms
20ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 12330794
cdn-cachedat: 2021-04-23 06:29:02
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 0c1438d850d826813ba255e2978df727
cf-ray: 68dcaae41bc2278c-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H3 200 bootstrap-theme.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ Frame 058F 23 KB
3 KB 18ms
18ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617
age: 12330772
cdn-cachedat: 2021-04-23 06:57:14
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: d48273a4dc293fd41c89c1723d9350d4
cf-ray: 68dcaae41bc3278c-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 058F 138 KB
48 KB 30ms
29ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

584da571f67b1e738befcc9acc3412dcb324f43ac172257ee967b6ba8e11621e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49434
x-xss-protection: 0
server: cafe
etag: 7772695300083110601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H2 200 dmedianet.js Show response
contextual.media.net/ Frame 058F 148 KB
50 KB 48ms
48ms Script
text/javascript 104.76.200.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/dmedianet.js?cid=8CU24V3HJ

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.76.200.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-76-200-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1044d4a9a7a6b247ba853225ee99b06ce2d9496edbc7d7e0219357be6c70c155

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-mnt-h: 8-18
content-encoding: gzip
server: Apache
etag: "69d252cde79460c87a725743d4407528"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Sun, 12 Sep 2021 22:45:41 GMT
strict-transport-security: max-age=604800
x-mnt-w: 8-12
expires: Sun, 12 Sep 2021 22:50:41 GMT

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ Frame 058F 86 KB
30 KB 14ms
13ms Script
text/javascript 74.125.133.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f95.1e100.net

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 21:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 21:24:54 GMT

GET
H3 200 63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js Show response
pagead2.googlesyndication.com/bg/ Frame 8039 35 KB
13 KB 20ms
20ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

sffe /

Resource Hash

eb79f1d707ed83a547391fad893ed26d403fb605d037db2351ff9dfc9a449d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 21:00:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 438295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13458
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 21:00:46 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 058F 99 KB
25 KB 34ms
34ms Script
application/x-javascript 185.60.218.24
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.218.24 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-otp1.fbcdn.net

Software

Resource Hash

335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25999
x-xss-protection: 0
pragma: public
x-fb-debug: pcYp8/ovYEcq6P5LhfHUJEnzQorX3QwDbNYstVKZQvbFBxSoxJeL3yT/r/ey2n8jQTkKwJdpimT8WjWOyPs7ug==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 12 Sep 2021 22:45:41 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/ Frame 058F 251 KB
93 KB 37ms
37ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

cadedca735c6ec45885014e69884b741d9ef44349cd95c9271ae066216d49f6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95406
x-xss-protection: 0
server: cafe
etag: 12270461373536854434
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 200 599283737456594 Show response
connect.facebook.net/signals/config/ Frame 058F 306 KB
87 KB 35ms
35ms Script
application/x-javascript 185.60.218.24
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/599283737456594?v=2.9.45&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.218.24 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-otp1.fbcdn.net

Software

Resource Hash

d7987faa6b5a2695914ebd197d709371b723a07945e82f9dbc47fd9948632428

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 89275
x-xss-protection: 0
pragma: public
x-fb-debug: U1kAYJ+LtCTQjEPfNJfb8oI+9+enLVNjLksYvrSE5MqT2UtSZVd+Gp0wd13eQvH6KM86DvISRWKr64FTvFVEZQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 12 Sep 2021 22:45:41 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 82E3 0
0 41ms
40ms Image
text/html 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210908&jk=3930635202807375&rc=
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.5.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wg-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 058F 107 B
122 B 16ms
15ms Script
application/javascript 74.125.140.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=fonolive.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.140.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f157.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C6A 7 KB
688 B 60ms
60ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755396&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741221&bpp=3&bdt=104&idt=60&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=4532699481826&frm=24&ife=1&pv=2&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7ikxptnnyh04&fsb=1&dtd=68

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

f5bde15003ebeb4e0b3a7aa54533c21213d7ab2fb5a39900384141674769d5ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755396&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741221&bpp=3&bdt=104&idt=60&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=4532699481826&frm=24&ife=1&pv=2&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7ikxptnnyh04&fsb=1&dtd=68
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmm6no2_aWgRqgELT92VvIeyp_MlYHoFiiXO4VvzeMVqgH4d8o-edQSoN2xv-Y
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:41 GMT
server: cafe
content-length: 667
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 058F 72 KB
27 KB 25ms
24ms Script
text/javascript 74.125.206.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.206.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f155.1e100.net

Software

sffe /

Resource Hash

74696de7db3cfc983f841facfdca75dbf4c114af467b05e23fe6d95694cab0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1631273431406706"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27627
x-xss-protection: 0
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7530 436 B
233 B 69ms
69ms Document
text/html 74.125.133.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856643&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741224&bpp=1&bdt=107&idt=73&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4532699481826&frm=24&ife=1&pv=1&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.q8nfahibwxti&fsb=1&dtd=75

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f155.1e100.net

Software

cafe /

Resource Hash

69b2214a30c3ef34de923943a841340bd87804b453d5fa1df8f2adf222174e36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856643&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741224&bpp=1&bdt=107&idt=73&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4532699481826&frm=24&ife=1&pv=1&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.q8nfahibwxti&fsb=1&dtd=75
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUmm6no2_aWgRqgELT92VvIeyp_MlYHoFiiXO4VvzeMVqgH4d8o-edQSoN2xv-Y
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 12 Sep 2021 22:45:41 GMT
server: cafe
content-length: 212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 /
www.facebook.com/tr/ Frame 058F 44 B
91 B 72ms
35ms Image
image/gif 185.60.218.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=599283737456594&ev=PageView&dl=https%3A%2F%2Ffonolive.com%2Fpromoted-ads&rl=https%3A%2F%2Fvoticle.com%2F&if=true&ts=1631486741357&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=30&it=1631486741246&coo=false&rqm=GET

Requested by

Host: fonolive.com
URL: https://fonolive.com/promoted-ads

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.218.35 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-otp1.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8DC2 0
20 B 24ms
24ms Image
image/gif 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210908&jk=3930635202807375&bg=!3N-l35vNAAYT0U73E9E7ACkAdvg8WorYlnQ6A7XZBL1-s7j6tsJa_Qgym640f4dveUe9ELSokWsESQIAAAC4UgAAABJoAQcKAOqCiIsrw-H5z36ijmMPCQsGuidARQuxMV0NAk_j6LNIJKNGjJgeUls56vepjahhcdkDfCcgWvw61wKncowlLjlTWTrQT4Z_SmVwFoP6rJm4bJwWMu4MNxqJB1KAFQ4XyGRCiKXbV8lgPuGsurT-EpUeGjO3yotOYen3g_0odj8GugO81_gO_snDc4R-5_t0gySV8_oISzfQH2j6vcQcVFTJgCFwsDwoWbcrAcjnO7-sihBTW6qzFBNiDANUIXDhFtcFWXzV3AgpqhTuQL6djeZ17MQn2BraKS4tst7k4mgtsR_92uL4jB87LvCZApGLFNgnrU2EzxRfJeBC3MLb7Zi2g9kJ4BfpUte9WFkJ4nGV2HOnQLWBKyWrcmZ9mobAlB_uZrfsE0woiK5ZBJyRfxDJMCTBARCFqUNURhTM3jWWFxP4bHDkKgRqcdQ7cp0aV6oy2eg3yN2m-mXtkATws1UIA9NQj4VjM1DgbdEIfwbM2sm2PLPefzfP9HoVboJiOAic3ALmB-WkYepUHLZA-YUVgq2SPUoCqZSNvzHmtHbGOsYbx1Iv2zXM4LADg0wW8SX2UM_CGcdSHwxdtHRxPtHPxxV3wFAjisKraDKDJQ_x6e1PpXQgYQTyHYF_oGnVOALtAq7uLFUA46ZOUE_nMLoCFMSATjgTSYvvnUWp2n2t11_ojjSxce9R6vo8z9iXH-1LEffY2zyymo5RoMI5G1ZLPe3Ben6kqtNCruArUBzENJEUxeimwCJfGPoP9suKhsjwyT2lb_9s71dZv8LZl1_9VU8fWFOoOEi-v87208dhMaIJ5YaG4qqwjs_XTPUsI9FUjxDX_76qx_P-cjM2J9deqhcRcnkRnfvE2Si0BXRu_Gorv5z1NL39lgVr5DBPJLw9v-VMGatAmSU_UYhjVHbvP6RCGkKTEhbPVBpYV0g95StWX8RwSaNR53kkSUhv7GKFfd5TyIJvq9Tqr9zvDi1FBBomkh57JL0t43V10k4iNSNZN5XOYqGjGmZvTr8v9D7Gfm_lXHSmyA3i7i1y8sOfyNpCOazTDrmm7sTOHanuTnqQ-N5sL_kDa9ntEihMw6r3Lqc54z071Zvj1dMpjbTkORKI2NtKVn0Ji_eOSf0mujmrwjrqc3ZyDz5WvZpB0ydMdYwTbcOhd_SaQyb9Jsh1FuNA0_rsBEhGrrzQRtU

Requested by

Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 058F 11 KB
8 KB 21ms
21ms XHR
application/json 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210908&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

f3ef16aa949491ae1ad8aa02184b19823c7e9e86b418180ce19129e77887e01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8507
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 23ms
23ms XHR
application/json 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210908&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

49072f48cb0ba4858283e31ef08e632c97bacd2d00e2d8ed00490df7eb51a649

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8545
x-xss-protection: 0

POST
H3 204 mod_pagespeed_beacon Show response
voticle.com/ 0
549 B 50ms
50ms XHR
text/plain 172.67.217.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://voticle.com/mod_pagespeed_beacon?url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Requested by: Host: voticle.com
URL: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.217.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-fetch-mode: cors
origin: https://voticle.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: PHPSESSID=6f337mnlmdl8tfq05ud97m9bu5; __utma=229138075.933783849.1631486739.1631486739.1631486739.1; __utmc=229138075; __utmz=229138075.1631486739.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=229138075.1.10.1631486739; __gads=ID=0a4f14cecf23f2a6-2237780d1dcb0045:T=1631486739:RT=1631486739:S=ALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA
content-length: 114
:path: /mod_pagespeed_beacon?url=https%3A%2F%2Fvoticle.com%2Fa%2Farticles%2F166339%2Fthe-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
cache-control: no-cache
:authority: voticle.com
referer: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://voticle.com/a/articles/166339/the-keto-3ds-reviews-scam-alert-a-legitimate-weight-loss-pdfs
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4cOOqdxHwUZuTJSq3UFh1nSVfNv%2Fr0P3yDIM%2B8F7jwVUnpB9n2wYsudgd4r8JJxxJf0utVFvDQiTcpHVUqEEn%2BchL2HcKduSV3VCauX1YnLKhdOQrOcPvZd6JqdSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache
cf-ray: 68dcaae5fb2c27c0-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 058F 17 KB
6 KB 25ms
24ms Script
text/javascript 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 25ms
25ms Script
text/javascript 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109080101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sun, 12 Sep 2021 22:45:41 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 02E8 12 KB
5 KB 23ms
23ms Document
text/html 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 12 Sep 2021 19:19:51 GMT
expires: Mon, 12 Sep 2022 19:19:51 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 436C 783 B
532 B 79ms
30ms Document
text/html 74.125.206.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.206.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f99.1e100.net

Software

GSE /

Resource Hash

d66d79b9336b3d6debded1eddad0904e2f9c5f52439c95e4d9558f35a0f8b10c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+cWaxcmToE1pVjXQdeydsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fonolive.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 12 Sep 2021 22:45:41 GMT
date: Sun, 12 Sep 2021 22:45:41 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-+cWaxcmToE1pVjXQdeydsQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 510
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame A726 12 KB
5 KB 23ms
23ms Document
text/html 74.125.133.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f132.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 12 Sep 2021 19:19:51 GMT
expires: Mon, 12 Sep 2022 19:19:51 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E1F6 783 B
531 B 72ms
27ms Document
text/html 74.125.206.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.206.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wk-in-f99.1e100.net

Software

GSE /

Resource Hash

7f7161e21da966db17d281288ef9b4b145b67f8f0409f49d5eb0b6a75f2ee7db

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pPtV2b+G/Fczl+7fPcdWYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://voticle.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/

Response headers

expires: Sun, 12 Sep 2021 22:45:41 GMT
date: Sun, 12 Sep 2021 22:45:41 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-pPtV2b+G/Fczl+7fPcdWYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js Show response
pagead2.googlesyndication.com/bg/ Frame 02E8 35 KB
13 KB 22ms
22ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

sffe /

Resource Hash

eb79f1d707ed83a547391fad893ed26d403fb605d037db2351ff9dfc9a449d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 21:00:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 438295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13458
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 21:00:46 GMT

GET
H3 200 63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js Show response
pagead2.googlesyndication.com/bg/ Frame A726 35 KB
13 KB 23ms
23ms Script
text/javascript 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/63nx1wftg6VHOR-tiT7SbUA_tgXQN9sjUf-d_JpEnTc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

sffe /

Resource Hash

eb79f1d707ed83a547391fad893ed26d403fb605d037db2351ff9dfc9a449d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 21:00:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 438295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13458
x-xss-protection: 0
last-modified: Mon, 06 Sep 2021 10:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 21:00:46 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E1F6 0
0 41ms
40ms Image
text/html 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210908&jk=1055957755318994&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.5.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wg-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 436C 0
0 32ms
32ms Image
text/html 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210908&jk=450922626066862&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.5.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: wg-in-f155.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 058F 0
20 B 26ms
26ms Image
image/gif 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210908&jk=450922626066862&bg=!Q0ClQATNAAYT0U73E9E7ACkAdvg8WpJn2vFLFnlOQLPtmvVfNEHr20fL_P3pFrVnG0ys1ZvijAJMqgIAAACJUgAAAApoAQeZApMVrBvO6HnZ4YXPBO2WsDq1AJCgngwAus5OoTYmxmZzjAwtMmT9aBkWVcQTdh5rYSLkOdpmBFcbhj3-_57lRQQ2KRkEPti7d94nAjgZF23nwqnQdJy52RbUtYnEVipEjppxX0SP0A6HLxRykCiFCJ9TDeZZWwkh1jjjBrk6b6R9zsZ_jR4zKFrwgc2Mk6KMBNeOgoC5_0Ub-ISjTox3qCoy6GCyi-mLtVOdiUhnF0d-fvzGOOTc2M0ZIQtfPGhGCKIC3Vvud217JTVUhGVuddqLwKEvsRUCgPM0BXU_iNhSJT359lOBK0XKzKRchjyTeEyvFXgiZ65KxBMRCUzJB4GFZfW5oB4L-KefYBuC0fFbjkJhGhkBokQEWsacfgMxaTHeUuqAnO60qTOICDuKxMZ3t0ut6WJY7Q6mbmzdrxL9SOi3LPDf6f_voPbuugszrAgHBl-ori-NAsVAxhCVV-cFWkGSVXKGx2TxHEJfDluqGI7G2Fnfyns6oZUm5Tj1n7NGlQUjwU08Um2t8-osUwlQ9cHKLSolb9gfGwDGI8gVeJZLP63cGQxRz-ZbZLvXzKc9rqe3WBQjzyHsoy4iEkjBqaV_lnjGqAaRRClDt9VqTOXRWjTukA5xn-lz_9ugwrlJ_1fz0pIVy_Rgysy789YJ1gLkn1_9UTXAywGocwMedpHl0GIWnolPR7B_4nyWzigwtcPnoQPh2qGhml7GW9AYlFBTXBZy6-4s5PRFHe7qBCVyNNHXLwrPEhPHbQ2DsPxlqGL2SEIJLLiocM5ZxLt9zMpqpFhczavOtDznqHq6mllZTg2Ya3WONeXN6QtZxuaUtsso-GhpbTSibMMSvK-E__Chg6ZXqXeVikAwqqEZURG_1w

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 25ms
24ms Image
image/gif 142.251.5.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210908&jk=1055957755318994&bg=!W1ilWBzNAAYT0U73E9E7ACkAdvg8WtsA3XSNLcdn0F-RUTdyz_qzi4Z-INDLmjTgNdOW31KezRkt9gIAAAB2UgAAAAtoAQeZAnbfjeGn7uWp5RKLjtv7F57Ax0Un_iUpMIjPCNkbz7PbLPbVk8Va_D5Q7edfNAGNVNmBMQlGbfTVJhle1nFcbq7RLk3-enhEWk8dHhyoHLzXF36Lg12aO4pyi7DFfTswM6VH94aHV2UzW51O1Y7szFUwzZwCA_16xyg2W-UjLQXP27EDjcYLl9aItANWyEyj3nLqADMHpZ59XINGRBdaoWCebToNl5oJYb-wsy6fSa6q9WLKFacdFatkdygUGs6gE_z9EArUDF-SjfQO4tPCqNZmuWmUy75SExrQ7746f8Am-1cOI3z5QEE6IS71o4mj3UmpqM4piWKd8HsUOyyR0XkKI9aRmdkGYCHXUoOQBV4JpTmfaDHLSzV4rxjD7i4sdXQ-mSgkD1weGHg1e1WEjN1ClBMcm1KLKs3GH_havbfEq3VRp3mLZ2ezGe8rvhzDbp2D3nh0ecmg_NNgMLnS-J0mTTkZIdq-k536LwF6LhiLDDFAJK7Rfc9KJsClJ4Wr4kjXrpQumn35E7NPo6rdQKwIXqG9l3XxBlNIYlarb0A9-gvFuZOLpUYqtYCrYo4Y5Ds_d0kRsuRoGCqGFz5ltkAu1ueKHhNmAPRlLgBa0_8b5qk5wAoKFt68Q44PP3sIt3s1gDZf98rMOBEikd_dWZJAXkr-pI_rzLi2yhetUruw0Y0OmwCrAdHt5tjlnGb9Q8_uIzPb-oQqWAH9QylMBvqaHu2KZN2kgHczZ7f3UBxsuarVk7NG9KnRg0HnzpregigGvxamc8lowqW4yEK1B3vQTLDj5BF6gZDOBpPh8clZa_hAETTFGTzIJtkKhk13EO22y8x8FAQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.5.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wg-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://voticle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Sep 2021 22:45:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 8DC2 44 B
88 B 35ms
35ms Image
image/gif 185.60.218.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=599283737456594&ev=Microdata&dl=https%3A%2F%2Ffonolive.com%2Fpromoted-ads&rl=https%3A%2F%2Fvoticle.com%2F&if=true&ts=1631486742382&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%20%22%2C%22meta%3Adescription%22%3A%22%20%22%2C%22meta%3Akeywords%22%3A%22%20%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.45&r=stable&ec=1&o=30&it=1631486740620&coo=false&es=automatic&tm=3&exp=p1&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.218.35 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-otp1.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Sun, 12 Sep 2021 22:45:42 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 058F 44 B
88 B 36ms
35ms Image
image/gif 185.60.218.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=599283737456594&ev=Microdata&dl=https%3A%2F%2Ffonolive.com%2Fpromoted-ads&rl=https%3A%2F%2Fvoticle.com%2F&if=true&ts=1631486742859&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%5Cn%20%22%2C%22meta%3Adescription%22%3A%22%20%22%2C%22meta%3Akeywords%22%3A%22%20%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.45&r=stable&ec=1&o=30&it=1631486741246&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

185.60.218.35 Bucharest, Romania, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-otp1.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://fonolive.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 22:45:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Sun, 12 Sep 2021 22:45:42 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
voticle.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6f337mnlmdl8tfq05ud97m9bu5
.voticle.com/	1970-01-20 14:42:38	Name: __utma Value: 229138075.933783849.1631486739.1631486739.1631486739.1
.voticle.com/	1969-12-31 23:59:59	Name: __utmc Value: 229138075
.voticle.com/	1970-01-20 01:34:14	Name: __utmz Value: 229138075.1631486739.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.voticle.com/	1970-01-19 21:11:27	Name: __utmt Value: 1
.voticle.com/	1970-01-19 21:11:28	Name: __utmb Value: 229138075.1.10.1631486739
.voticle.com/	1970-01-20 06:33:02	Name: __gads Value: ID=0a4f14cecf23f2a6-2237780d1dcb0045:T=1631486739:RT=1631486739:S=ALNI_MYd6DoB4lUXfQj-AIwBFBkay3Y3EA
.doubleclick.net/	1970-01-20 06:33:02	Name: IDE Value: AHWqTUmm6no2_aWgRqgELT92VvIeyp_MlYHoFiiXO4VvzeMVqgH4d8o-edQSoN2xv-Y
.rlcdn.com/	1970-01-20 05:57:02	Name: rlas3 Value: sEJTsgOwltKJN+8NVf7EHzKj1dGnorSYt/4sBc4XaaY=
.quantserve.com/	1970-01-19 23:21:02	Name: d Value: ECEBCQGdJIEA
.quantserve.com/	1970-01-20 06:41:41	Name: mc Value: 613e8314-189c9-efb49-42e5a
.casalemedia.com/	1970-01-20 05:57:02	Name: CMID Value: YT6DFJbbcpL03nUY3-sSKwAA
.casalemedia.com/	1970-01-19 23:21:02	Name: CMPS Value: 5201
.openx.net/	1970-01-20 05:57:02	Name: i Value: 43efe140-0442-48b8-b222-b75988d7dba8\|1631486740
.rlcdn.com/	1970-01-19 22:37:50	Name: pxrc Value: CJSG+okGEgUI6AcQABIGCOndKhAA
.casalemedia.com/	1970-01-19 23:21:02	Name: CMPRO Value: 1148
.casalemedia.com/	1970-01-19 21:12:53	Name: CMST Value: YT6DFGE+gxQA
.e.dlx.addthis.com/	1970-01-20 06:41:41	Name: na_tc Value: Y
.addthis.com/	1970-01-20 06:41:41	Name: na_id Value: 2021091222454000013967619991
.addthis.com/	1970-01-20 06:41:41	Name: na_tc Value: Y
.addthis.com/	1970-01-20 06:41:41	Name: uid Value: 613e8314d77be0d0
.addthis.com/	1970-01-20 06:41:41	Name: ouid Value: 613e83140001b83d10fd4f9422f36108253bcbe5c08e84d03d3d
.dlx.addthis.com/	1970-01-19 21:54:38	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-19 21:54:38	Name: na_sr Value: 20210912
.dlx.addthis.com/	1970-01-19 21:11:26	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-19 21:54:38	Name: na_sc_e Value: 0
.awin1.com/	1970-01-19 21:14:19	Name: awpv11830 Value: 412871\|1631486740\|27bddeb0-141b-11ec-8a78-692d0556460e
.awin1.com/	1970-01-19 21:21:31	Name: awpv14098 Value: 412871\|1631486740\|27bdb7a0-141b-11ec-a1d8-692d067fb68d
.media.net/	1970-01-20 01:37:50	Name: gdpr_status Value: 1
.pubmatic.com/	1970-01-19 21:12:53	Name: KTPCACOOKIE Value: YES
.awin1.com/	1970-01-19 21:21:31	Name: awpv11938 Value: 412871\|1631486740\|27c531b1-141b-11ec-8a78-692d0556460e
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 367022:2542680
.congstar.de/	1970-01-19 21:21:38	Name: staticentry Value: %7B%22spfr%22%3A%22412871%22%2C%22awc%22%3A%2211938_412871_1631486740_27c531b1-141b-11ec-8a78-692d0556460e%22%2C%22sp%22%3A%22awin%22%7D
.pubmatic.com/	1970-01-19 23:21:02	Name: KADUSERCOOKIE Value: 9BABE687-C080-40A8-AB75-727EC277BB8B

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755397&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740526&bpp=1&bdt=107&idt=63&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=5678188639733&frm=24&ife=1&pv=2&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.d66kvp2ylk4z&fsb=1&dtd=71 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856640&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486740527&bpp=1&bdt=108&idt=79&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=5678188639733&frm=24&ife=1&pv=1&ga_vid=1938564529.1631486741&ga_sid=1631486741&ga_hid=1601245295&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=44747620%2C31062297&oid=3&pvsid=3930635202807375&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.fvby0qdigz7g&fsb=1&dtd=82 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YT6DFJbbcpL03nUY3_sSKwAABHwAAAIB&google_push=AYg5qPKPo3_AumMVmkjfI5_0Cc8CAgsNSauSv-MAahtjBxcUMFO7nTxer5SJqT3nFuP0oPQ-hpbPjVCoRKjConty_w_Y8WLyDpZr&google_gid=CAESEC7LF2Rb9w_pamnX9ohpsBY&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&adk=1812271804&adf=3279755396&plat=1%3A1536%2C2%3A1536%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1049088%2C32%3A32&format=0x0&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741221&bpp=3&bdt=104&idt=60&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&nras=1&correlator=4532699481826&frm=24&ife=1&pv=2&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.7ikxptnnyh04&fsb=1&dtd=68 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5121538459968588&output=html&h=280&slotname=8250817351&adk=248325190&adf=123856643&pi=t.ma~as.8250817351&w=1140&fwrn=16&fwrnh=100&rafmt=1&psa=0&format=1140x280&url=https%3A%2F%2Fvoticle.com%2F&ea=0&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1631486741224&bpp=1&bdt=107&idt=73&shv=r20210908&mjsv=m202109080101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=4532699481826&frm=24&ife=1&pv=1&ga_vid=1860410577.1631486741&ga_sid=1631486741&ga_hid=112652932&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1200&ish=295&ifk=2445910273&scr_x=-12245933&scr_y=-12245933&eid=42530672%2C44747620%2C31062297&oid=3&pvsid=450922626066862&pem=424&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1200%2C295&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=2.q8nfahibwxti&fsb=1&dtd=75 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

43d897265kne3ed0qv2ecjw2-wpengine.netdna-ssl.com
ad.doubleclick.net
ad4m.at
adservice.google.com
ajax.googleapis.com
as.ad4m.at
assets.ad4m.at
banner.congstar.de
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
contextual.media.net
e.dlx.addthis.com
fonolive.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
id.rlcdn.com
image6.pubmatic.com
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
prod-rtb.ad4mat.net
resources.mynewsdesk.com
rtb.openx.net
ssl.google-analytics.com
static-de.ad4mat.net
tpc.googlesyndication.com
uconnect4.sgp1.digitaloceanspaces.com
voticle.com
www.awin1.com
www.facebook.com
www.google.com
www.googletagservices.com
www.peninsuladailynews.com
z-na.amazon-adsystem.com
cm.g.doubleclick.net
103.253.144.208
104.18.10.207
104.21.54.83
104.26.10.209
104.36.113.23
104.76.200.221
104.76.200.23
13.32.28.37
142.251.5.155
148.251.139.77
151.101.114.0
172.67.150.92
172.67.217.13
172.67.68.78
172.67.74.129
173.194.76.156
173.194.76.95
185.60.218.24
185.60.218.35
34.95.89.54
35.186.253.211
35.244.174.68
69.173.144.138
74.125.133.132
74.125.133.155
74.125.133.95
74.125.133.97
74.125.140.149
74.125.140.157
74.125.206.155
74.125.206.94
74.125.206.99
74.125.71.156
91.228.74.226
92.123.148.9
94.31.29.99
0893af79ad47e41929d7c616911b62f4d0768ddc8aed122c305ce765410a033d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f368189e6a99373c892a96a53534783cf02f110ad3a85778f02803cc65ae0de
0fea8655ff811d3d7a96ccff2a1535640caf6ae767316a78a1bbbf3d09b231b6
1044d4a9a7a6b247ba853225ee99b06ce2d9496edbc7d7e0219357be6c70c155
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
15139ed4563c1343cc19a33cfd40611a208dc4547dfbafd661f72c302f3c65d9
1a2ab5d86b083aa22e38cb0f4d4683ef537b468b14ae11933d8e0344e6001444
1b2d5f8feb067482c320f47b68ec2a27233a59d124bd09229af1b26961cce9bc
1b582acaf161db1ef436343a487e95a35a5ee579d35893ad726dce7fa4b85b4c
1b6abcd01d2337e70b8fdde5a150175d2d4a3231d464e25b9cbdb5bac2bfcd2c
1c68a67e72e6a77d1b78c8d95853e2ba8a9802a690a7e52a76a62e58cf7ee272
1f900cd253194a3c578bbd96af01f1abed0c7f86de910bada78366d8f5e2c7fc
20f7435a3af8774e148a1de38fb842a5fac746b8ba36005a5c78f3ea16017829
218086d4079f261aadbdef5797b020f5126924b866870672ba78436dd52f2707
249f2fcb19253e0d13549aae44b6361fbc139a519938fb5957cec19bab521e06
25582d64d197e7a7ab204e2f9f2e285eb66e3d50f86187fa04eb4f599fff6557
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26667af7f6de05f7b17d3c9ea9feed27d1d6db9ecd60c30a1baccc5483cb7225
2ae11b8d7458ea7d87d6889e190ad6b5701aaf6072f54df327f745c997c3a0d0
2ae5ee36b18ca0e4b11aaad6cca148ea2668e1c5e79bfd72632e282a66c4698f
2bae9fc3e57c860103d1e03360ba3246e3b6c5bcaa6f3183ce8066cc69843a5d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe
35175cacfd478017a1eb488452dc6e7ed4544a6114a10ff14e599a5dd35d4f64
39b6ca68ad8077c4696cce5004f8d05bf25b1253e27cfcd19b5dd251685ccbc3
3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54
48a7a25e4a343cbf531574dfb105b11ad00e698aebb359fa97d4f67f508a95ac
49072f48cb0ba4858283e31ef08e632c97bacd2d00e2d8ed00490df7eb51a649
4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
50c03fe1fe17e13616a80a3c154a6be47b363c6095ffa93cfee89d0befe11f4b
5148a6d00fb53a8c67d946e3b14eba63223df1600e7204c6fc13634cf34087ae
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46
55d33c1c6bd93be2a74a261f0eee8892b150b8623be6d7459861bccb6dae1a79
584da571f67b1e738befcc9acc3412dcb324f43ac172257ee967b6ba8e11621e
5afe499c8df1fda4fcb575fa4864d3247f8eece1ed818a1d18d8d187dda7c25c
5c1d0c4d3e5c98ea70dacaccc0c258fd5d17917b7184b21ad82b8d35a781c682
611d8874cd6a661e6779751ba6a62bfbb7fa496d36b847c4e7fcf69279c70f44
63399b591ece157f9c193e232dce518d05fec0349d66d23d572106d7bd3e4528
637d9bee419d6a12875375302e5bfce70458c0fee1552e290619fa446444b9eb
640c546ad6ce06848151e46864cd4f9a755ad1d53c972535af70e482ef8a29f7
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e
66b1de76aa6248ef3debd63cf186297205de09e3485af1721efc8793e667248a
69b2214a30c3ef34de923943a841340bd87804b453d5fa1df8f2adf222174e36
69f065839acb858a47a9a6da17f766ce773a4d5dbecc9929a67b39b97712e335
6c462a751af6aeec10856860e6a0887193f98e3fe500686141d3cb0bdcdc042a
6f2e1236b129118fc526e703f45c13e0248c3bb89108600c17f5fc37d227cef1
72732592aa19782be9f0dd18c06419f85e92d644496f061b6d365327cd5fc36c
74696de7db3cfc983f841facfdca75dbf4c114af467b05e23fe6d95694cab0fa
7560081f09d7c7cc914628f0d6f9bd2f91a1c33ccd0403e130c441c607d06f33
763264446626a22939fed5a4ea904d8bcd5d6a7bb800682561f534c14a851796
796a4c419326a41d2331990556008356dcdd69fa05ee498f9104c392abb2fe19
79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d
79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23
7c2a53f37f553aadd86aa8b897b87aa171242710b269c02b0dfff5820c9bfde8
7f7161e21da966db17d281288ef9b4b145b67f8f0409f49d5eb0b6a75f2ee7db
802b621afc351db3ce3d23ac1ee1417623555f685a790e5af20a892b08c3abdf
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa
8ac599ef74d2dd25a1f4c753ce6819c9076283d19118fd9f73a39f8f343d3bdc
8ceeddc10e4d2309950ba5f278c7dd166720c449641feacd4d07f0aaa94ac06a
8d2025a97b776e811b59125a1382e37ce6fde5184ef785acbeafb04bdb70e2bc
8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7
93a67d13e4e376ca251f24aa507cf31790c1db4251748709a22ddfb84509e93f
9620cf344bdc85c81adb80205c010a04380db5a8334b8b00561acaddf054a173
9967eb2bd6c3dc5e9db3109798019bbd4f49a4dc992ff89c2af1e722cc16007d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d303e133769b76ee451188b71741a88ab4ad249592732e9eaffec92bf02bc82
9edcd0639ed669b064c88c23b0a7f54e551309d3d3c5327620562d1d01865703
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a58ca0e14e9b06ff94afa9d0d13ea965f64ad7c2c716b0ecc502da670d406cee
a5e8deecebd13675e66a0270f6db1e8bac4cee809d3f01e264d80ce825d69ad2
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a817a6746d578685f4a3301a8a8c74ad0936307987013676c77d6c2788bde828
aa300a570cc50f33f0dbe6fa43169017bb99a2518e002f72b5a445ae07f7edc7
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
ba5ba3bb9abfdbf7a2ebb3677f98118adf63aecc380026c6b733c65a66db1044
bb75b03db85cedd0c8cb1516f0ed2b4bc10283501cd85d29c90372ec82d8d59f
bc27c98585fe5c7e365646e82394a8817181497e7acca9f7d66113d770ebbf13
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c258fa95207f32247df878b871040b36b44ca64b81e24699ae4301b9194be751
c9a407bdd3ca13dc7a11e3361574dac977484d39154b532986ec4f18ea1ad89d
cadedca735c6ec45885014e69884b741d9ef44349cd95c9271ae066216d49f6e
cee1ef99bae6c5d23a2d5d66634d74856b257e5f139ff2ac3854f8dfc4254a21
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d66d79b9336b3d6debded1eddad0904e2f9c5f52439c95e4d9558f35a0f8b10c
d7987faa6b5a2695914ebd197d709371b723a07945e82f9dbc47fd9948632428
db4654dfc0f937e0fc39dbeec03da4dcb2d2a9463689fad97b27088a8f3640fa
dc3a74107e777c84ca6577009fdd1c3be9f30a6d49f9a3ede9331f310c839962
df322e5f44fa38089812b1fdacb72cf620030743cc997a37b43842b66f769646
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ff0a9b4b8ab001e88e276ee8eccb5c3ca12ac572d894de2732616cfeb7212b
e6601349e296be940d07749fc97ef0f3b73f4b9c9dbc0a5e6bb71276692305cc
eb79f1d707ed83a547391fad893ed26d403fb605d037db2351ff9dfc9a449d37
ec51d275bd935adb4819818085eb8825b0a8171d929e660f1bce63dfc191ca3b
f25b55b844516e5fea639bdf67c01bd5c2c5fd6508e7742383c1fce599fa80cc
f3ef16aa949491ae1ad8aa02184b19823c7e9e86b418180ce19129e77887e01c
f54d5b8f038420489b4d59ddefdcea5bd0ba3a88bc04b77d906404d37030ca0f
f5bde15003ebeb4e0b3a7aa54533c21213d7ab2fb5a39900384141674769d5ef
f67f41ac441f872b66a88b2b75dabb408acc664926a6e798c889c7b7c8bbca7e
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f89a9bdab535ebe4fd1aa9ba34f1fd5821c5f1e2ed1142576aca075251e30024
fb549c51a54fea69b6e0d713a317aba12c4ad6450a17362e4c2ad7c47f33df50
fd9607fb490da15bcad08a1091da8b5b62069d578624da8711e2e59a1d72de49
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
ffbf2d2525e0baabd5fdf5289510e03e86ccb28dc9767ef58bf483077f3bfc75

voticle.com Open in urlscan Pro 172.67.217.13 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

158 Requests

99 %HTTPS

0 %IPv6

29 Domains

37 Subdomains

31 IPs

6 Countries

3702 kBTransfer

6498 kBSize

34 Cookies

9 Outgoing links

Redirected requests

158 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

voticle.com Open in urlscan Pro
172.67.217.13 Public Scan

Screenshot
Live screenshot

Full Image

158
Requests

99 %
HTTPS

0 %
IPv6

29
Domains

37
Subdomains

31
IPs

6
Countries

3702 kB
Transfer

6498 kB
Size

34
Cookies

158 HTTP transactions
9 data transactions