www.babup.com Open in urlscan Pro
51.15.15.22 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.file-upload.com/l1hm14eqg2a2
Effective URL:
https://www.babup.com/file.php?get=l1hm14eqg2a2
Submission: On October 05 via manual (October 5th 2023, 5:49:28 pm UTC) from DE — Scanned from CH

Summary HTTP 196 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 23 domains to perform 196 HTTP transactions. The main IP is 51.15.15.22, located in Tooting, United Kingdom and belongs to Online SAS, FR. The main domain is www.babup.com.
TLS certificate: Issued by R3 on August 21st 2023. Valid for: 3 months.

This is the only time www.babup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7 29	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.15.15.22 51.15.15.22	12876 (Online SAS) (Online SAS)
37	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
2	142.250.186.72 142.250.186.72	15169 (GOOGLE) (GOOGLE)
3	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
1	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
1	142.250.185.234 142.250.185.234	15169 (GOOGLE) (GOOGLE)
1	185.102.217.65 185.102.217.65	60068 (CDN77 ^_^) (CDN77 ^_^)
3 22	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2	142.250.186.46 142.250.186.46	15169 (GOOGLE) (GOOGLE)
1	216.239.32.36 216.239.32.36	15169 (GOOGLE) (GOOGLE)
1	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
5	142.250.186.42 142.250.186.42	15169 (GOOGLE) (GOOGLE)
38	142.250.186.161 142.250.186.161	15169 (GOOGLE) (GOOGLE)
3	142.250.184.238 142.250.184.238	15169 (GOOGLE) (GOOGLE)
6 17	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
6	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
5	216.58.212.174 216.58.212.174	15169 (GOOGLE) (GOOGLE)
6	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
2	143.204.215.67 143.204.215.67	16509 (AMAZON-02) (AMAZON-02)
2	107.178.244.119 107.178.244.119	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 4	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
3 5	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	185.89.210.20 185.89.210.20	29990 (ASN-APPNEX) (ASN-APPNEX)
3 4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 2	2.16.97.41 2.16.97.41	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.94.238.177 3.94.238.177	() ()
3	142.250.184.230 142.250.184.230	() ()
1 1	142.250.186.36 142.250.186.36	() ()
196	30

29 188.114.97.3 (Amsterdam, Netherlands) 7 redirects

ASN13335 (CLOUDFLARENET, US)

www.file-upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.file-upload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.15.15.22 (Tooting, United Kingdom)

ASN12876 (Online SAS, FR)
PTR: server.babup.com

www.babup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.102.217.65 (Bucharest, Romania)

ASN60068 (CDN77 ^_^, GB)
PTR: 185-102-217-65.bunnyinfra.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 172.217.18.2 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.46 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.42 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 142.250.186.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net

mts0.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.186.66 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 216.58.212.174 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f174.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.215.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-67.fra53.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.244.119 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 119.244.178.107.bc.googleusercontent.com

beacon.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.26.193 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.20 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.97.41 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.94.238.177 (None, )

ASN- ()

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.230 (None, )

ASN- ()

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.36 (None, ) 1 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	726 KB
36	doubleclick.net 11 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 ad.doubleclick.net — Cisco Umbrella Rank: 173 cm.g.doubleclick.net — Cisco Umbrella Rank: 255 googleads4.g.doubleclick.net Failed	369 KB
22	file-upload.org www.file-upload.org — Cisco Umbrella Rank: 951926	548 KB
9	gstatic.com www.gstatic.com fonts.gstatic.com	163 KB
9	google.com 1 redirects mts0.google.com — Cisco Umbrella Rank: 4394 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1474 www.google.com	269 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	412 KB
7	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1200 www.googleadservices.com — Cisco Umbrella Rank: 153	599 B
7	file-upload.com 7 redirects www.file-upload.com	3 KB
6	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 405 fonts.googleapis.com — Cisco Umbrella Rank: 49	36 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716	3 KB
4	openx.net 3 redirects us-u.openx.net — Cisco Umbrella Rank: 547	1 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 261	3 KB
4	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 518 www.google-analytics.com — Cisco Umbrella Rank: 42 region1.google-analytics.com — Cisco Umbrella Rank: 2250	38 KB
3	2mdn.net s0.2mdn.net	117 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 187	176 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1584	628 B
2	sojern.com beacon.sojern.com — Cisco Umbrella Rank: 6176	330 B
2	truste.com choices.truste.com — Cisco Umbrella Rank: 1058	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	147 KB
2	babup.com www.babup.com	9 KB
1	tremorhub.com partners.tremorhub.com	175 B
1	dmca.com images.dmca.com — Cisco Umbrella Rank: 13957 Failed	5 KB
0	alexametrics.com Failed certify-js.alexametrics.com Failed
196	23

	Domain	Requested by
38	tpc.googlesyndication.com	googleads.g.doubleclick.net www.file-upload.org ad.doubleclick.net tpc.googlesyndication.com
37	pagead2.googlesyndication.com	www.babup.com pagead2.googlesyndication.com www.file-upload.org googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
22	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com www.file-upload.org googleads.g.doubleclick.net
22	www.file-upload.org	www.file-upload.org www.babup.com
10	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	www.googletagservices.com	googleads.g.doubleclick.net www.file-upload.org
7	www.file-upload.com	7 redirects
6	www.googleadservices.com	googleads.g.doubleclick.net
6	www.gstatic.com	googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	fundingchoicesmessages.google.com	pagead2.googlesyndication.com www.babup.com
5	fonts.googleapis.com	googleads.g.doubleclick.net
4	us-u.openx.net	3 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	ad.doubleclick.net	2 redirects googleads.g.doubleclick.net
3	s0.2mdn.net	www.file-upload.org googleads.g.doubleclick.net s0.2mdn.net
3	fonts.gstatic.com	fonts.googleapis.com
3	mts0.google.com	googleads.g.doubleclick.net
3	connect.facebook.net	www.babup.com connect.facebook.net
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	beacon.sojern.com	www.file-upload.org
2	choices.truste.com	www.file-upload.org
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.babup.com www.googletagmanager.com
2	www.babup.com	www.file-upload.org www.babup.com
1	www.google.com	1 redirects
1	partners.tremorhub.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	ajax.googleapis.com	www.babup.com
1	ssl.google-analytics.com	www.babup.com
1	images.dmca.com	www.file-upload.org www.babup.com
0	googleads4.g.doubleclick.net Failed	www.file-upload.org
0	certify-js.alexametrics.com Failed	www.babup.com
196	34

This site contains links to these domains. Also see Links.

Domain
www.file-upload.com
www.facebook.com
www.instagram.com
www.youtube.com
file-upload.com
www.file-up.org
www.dmca.com
safeweb.norton.com

Subject Issuer	Validity	Valid
file-upload.org E1	`2023-09-25` - `2023-12-24`	3 months	crt.sh
www.babup.com R3	`2023-08-21` - `2023-11-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-15` - `2023-10-13`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
images.dmca.com R3	`2023-09-12` - `2023-12-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-16`	a year	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-17` - `2024-02-17`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh

This page contains 30 frames:

Primary Page: https://www.babup.com/file.php?get=l1hm14eqg2a2
Frame ID: 641BC510FA6CDC708D87E36B79B4CF50
Requests: 50 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/zrt_lookup.html
Frame ID: 441E9A63A9E3A2F34D35C355FA771A73
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1696520963&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162056&bpp=7&bdt=636&idt=1400&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8305217918131&frm=20&pv=2&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1438
Frame ID: AB2C06EA75C61CF28227E1A5C5F61C60
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462
Frame ID: 1DF49905E24E5B818B461DC0F734B2F0
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162599&bpp=6&bdt=1179&idt=931&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=4MwL2RcRbb&p=https%3A//www.babup.com&dtd=936
Frame ID: 2854E09173F3F0549114196E0164BE33
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918
Frame ID: E447F349D51184AD3596CD62D7BDF541
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1696520965&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528164994&bpp=1&bdt=3574&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3dd1323b11975b29%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MbJ6CP1rqpn2ITH6pxNSwsEqyB_aw&gpic=UID%3D00000c8e591bf41f%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MaZMbxvPFmcgdgutIq514-a38PJmA&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280&nras=2&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&psts=AOrYGskbVE4tjY8SVrkmxVt90TMX2zShEzX6rBORl33CqpQ3JI6mcWjoL58BULxMR0XONUsjwRE_XdR9GxT6TTlLT9I8Hg%2CAOrYGsmRzAzaYONiaEMWtygqtfidXG167R69vVNLqgK08PzlyC3DJXaXl4Ha9Kv7JhkoL2BnEZ2uWhdRNtOsW09OEEs3_A%2CAOrYGsnZkk_z8h959C9aSaohLg08tNjfATWVckhVeQv4qS_Ay3mQ1qazRylsiTERCBOgUpVdDaM7We_jlqnfGpIXCNMLWA&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=yfrnZ7tlh7&p=https%3A//www.babup.com&dtd=501
Frame ID: DCE35D663703AE2025925EEC4CA6E4C1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1696520965&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528164994&bpp=1&bdt=3574&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3dd1323b11975b29%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MbJ6CP1rqpn2ITH6pxNSwsEqyB_aw&gpic=UID%3D00000c8e591bf41f%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MaZMbxvPFmcgdgutIq514-a38PJmA&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280%2C1110x90&nras=3&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&psts=AOrYGskbVE4tjY8SVrkmxVt90TMX2zShEzX6rBORl33CqpQ3JI6mcWjoL58BULxMR0XONUsjwRE_XdR9GxT6TTlLT9I8Hg%2CAOrYGsmRzAzaYONiaEMWtygqtfidXG167R69vVNLqgK08PzlyC3DJXaXl4Ha9Kv7JhkoL2BnEZ2uWhdRNtOsW09OEEs3_A%2CAOrYGsnZkk_z8h959C9aSaohLg08tNjfATWVckhVeQv4qS_Ay3mQ1qazRylsiTERCBOgUpVdDaM7We_jlqnfGpIXCNMLWA&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=TCHPxkwSXS&p=https%3A//www.babup.com&dtd=512
Frame ID: D42AD8D9650353276DF67C7642EA993A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 7B91D33C98069C7DAF4B8678AD1FB8B0
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 2C29E6CD495F35D51B4D2A05AF43E159
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: F4679FB7836C56A79C5C547B587E0CC5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 9F744D90CEE429DECF94FB57449A7F42
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXp2lud2md1LvQCOEt0BDl5TrfX4ZvWxRRp0UGAGZciMznaweEs3ZkiNVMov2YgIrEGuAxuH2bUKDBNrVc5Z3fC1h2Xhw
Frame ID: 7E3D33E2933FAF1BDB2809AFE0F03510
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 47DCCA971C01C04F52AEE3DCD1B33A85
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNU3NPLKGoS2ytwVXOdXcbfSEIFTbXS-djGybbNV5wlK6xK8udqEjmhlXiXzGPIiF53a5li4RuSWHGxWur8YGUZAgXt7Qw
Frame ID: C809A31B01645B3F78F6B16646678A8B
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 8D16D7297BA0A68C2D0EA8436B3D9F8D
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKrgbxDSue38BBjmlcH3ATAB&v=APEucNW435PACCxACYalW66WdMnPkPTdgUGPXR7soKWEdBbFnioRXNh_O0c_H2lqeionyZQ4FaBn2z0nvQpp4gozLrzpnAV0sQ
Frame ID: 7B9617DF534D3993E2D7B4A07CEAE7FC
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 23C637F0322B08F49899A0328EAEF426
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js
Frame ID: EA772FF889DE47FED4C0DEA86A344137
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js
Frame ID: A7CB0EEB92BD71FCA05ABA8815D1200C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js
Frame ID: 7B2225AB65C7BB4A054D89AD66627DB0
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 01A4188D724EA10FD9FBB640DE0FBF98
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 68F7159FC1C8B86C7EBD73C53926889B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C56B6E99AF4DFAB91B499B60C0EE0FE8
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E6B6EAF82A3B5B489F0878EE69BF7E73
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3F9F6C6A5764C809B46E40BE84FF4D3D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 78E99C2E28A0AF0909E8D0A42E470F3B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1D602899C04C68830BED29B858DB6587
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12162973243351611827/Hilti-Nuron-DE-728x90/index.html?ev=01_250
Frame ID: 8D5CDFF33FAE87D89E15D078F21AC79B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js
Frame ID: DBD09B2B3B54E5C201FE822B09ACCF22
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

https://www.file-upload.com/l1hm14eqg2a2 HTTP 301
https://www.file-upload.org/l1hm14eqg2a2 Page URL
https://www.babup.com/file.php?get=l1hm14eqg2a2 Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

196
Requests

84 %
HTTPS

0 %
IPv6

23
Domains

34
Subdomains

30
IPs

6
Countries

3034 kB
Transfer

8001 kB
Size

17
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.file-upload.com/?op=payment_proof
Title: Proof of Payments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fileuploadcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/file_upload/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSbk9gxKeQnawO7cZ0hZPJQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/make-money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=register
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=forgot_pass
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/desktop.html
Title: Desktop Uploader

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=english
Title: English

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=arabic
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=payments
Title: Premium Download

Search URL Search Domain Scan URL

URL: https://file-upload.com/l1hm14eqg2a2
Title: Free Download

Search URL Search Domain Scan URL

URL: https://www.file-up.org/?op=register
Title: Sign up now

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/child-exploitation.html
Title: Child Abuse Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/copyright.html
Title: Copyright Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/adv.html
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/dmca.html
Title: DMCA

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/reseller.html
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/refund.html
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/banners.html
Title: Banners

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=ff6622a1-89c3-492e-8fab-02994910b766&refurl=https://www.file-upload.com/vsd4gox6iv4l

Search URL Search Domain Scan URL

URL: https://safeweb.norton.com/report/show?url=www.file-upload.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.file-upload.com/l1hm14eqg2a2 HTTP 301
https://www.file-upload.org/l1hm14eqg2a2 Page URL
https://www.babup.com/file.php?get=l1hm14eqg2a2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.file-upload.com/l1hm14eqg2a2 HTTP 301
https://www.file-upload.org/l1hm14eqg2a2

Request Chain 16

https://www.file-upload.com/mngez/css/app.css?v=1 HTTP 301
https://www.file-upload.org/mngez/css/app.css?v=1

Request Chain 21

https://www.file-upload.com/mngez/js/app.js?v=20 HTTP 301
https://www.file-upload.org/mngez/js/app.js?v=20

Request Chain 22

https://www.file-upload.com/assets/images/logo_new.png HTTP 301
https://www.file-upload.org/assets/images/logo_new.png

Request Chain 24

https://www.file-upload.com/mngez/images/anti1.png HTTP 301
https://www.file-upload.org/mngez/images/anti1.png

Request Chain 25

https://www.file-upload.com/mngez/images/anti2.png HTTP 301
https://www.file-upload.org/mngez/images/anti2.png

Request Chain 27

https://www.file-upload.com/assets/images/norton.png HTTP 301
https://www.file-upload.org/assets/images/norton.png

Request Chain 87

https://googleads.g.doubleclick.net/pagead/adview?ai=CZXdmI_ceZa-0LL63vcAPnrWdmALjsKuVbvbF-I3pEMCwgOyQAhABIIK6uHxg9e3MgeAEoAHOu9XSA8gBCakCzZ7FXaVTsj6oAwHIA8sEqgTGAU_QvFFs-u5DXJlX8XUFVBjfKBt6inmNd6Qo5vufLJUFysVVkrc8Y3V0NN0bqn-8x8YP5o5DAiS4ljKPAgL7ttwaMSuDZ36Fe5homRsPqt7cBnas3WzpvdCN0MbAUyGPi5oKH5H_jkz3m_hYHd5DVREmHd5E_bcpqLWjgtdYgmOPc5ZJoU2QKOciTZdAxFMMtvOMq1CEHei6qLS4B0yVdOiKhPQBX01HSxpBLYlfxLFWLc46vLrPdAeO-VWuO7F-sFzddDV118AE0tXYlpoEiAWbnO-oSJIFBAgEGAGSBQQIBRgEoAYugAespdU0qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQkN4D0ggUCIBhEAEYHzICigI6AoBASL39wTqaCTpodHRwczovL3d3dy5vcmVsbGZ1ZXNzbGkuY2gvP1Byb3ZJRD0xMDkxNzc0NiZnY2xzcmM9YXcuZHMmgAoByAsBmAyr_rmlngTaDBAKChCg2NHdq_fSrTUSAgEDuBODBNgTDtAVAZgWAYAXAbIXHAoaCAASFHB1Yi05MTc2NTIxODk4MzQxOTA5GAA&sigh=z_CQ2uxPiMw&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNdnCDvj5mkvp-DHzB1dq6JABKNYUSKyQxWNHbpt6s77Jrri8oWz3gzSLPO5lm8k7AG1Sj1WBD8COT6WMMfBAkZzmtqXm9oxgB&template_id=515&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa2cc9afee02061e20000000000000000%22,%222%22:%220xbc8d8ba98db2fe3c0000000000000000%22,%223%22:%220x93bbaf2f90c2095a0000000000000000%22,%224%22:%220x6e98dfe232d84f010000000000000000%22,%225%22:%220x9b55488eb7ae51170000000000000000%22},%22debug_key%22:%2210584651583876493754%22,%22debug_reporting%22:true,%22destination%22:%22https://orellfuessli.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22978673102%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229416548656754734577%22}&andc=true

Request Chain 88

https://googleads.g.doubleclick.net/pagead/adview?ai=CwtafI_ceZdO0K9eyvcAPyuirmAnjsKuVbsbL-I3pEMCwgOyQAhABIIK6uHxg9e3MgeAEoAHOu9XSA8gBCakCzZ7FXaVTsj6oAwHIA8sEqgTAAU_QLfTiFaYT2cnLCr5lB9YMUV2x3lK892N4Y81bbOpgbBT-_ey4yCpAIU7lBAKJki5ym4b66NSpoj7kzdNe0VIP9mibaw9ZhoAoT3pu5xs890-HQkDLHNk_E0GO4sXrFGq6qia6PguVWNdVcQS3n4xelD0m3hHsObT-v4H_GvF36r0yNOWkic5aqsmoUKLCyGkFsDvVxkWabI4iQbF7dAdQyVgMX0gAjYznin1OleZmKjqzZx0pN3V_HyoxFLGy6sAE0tXYlpoEiAWbnO-oSJIFBAgEGAGSBQQIBRgEoAYugAespdU0qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQkN4D0ggUCIBhEAEYHzICigI6AoBASL39wTqaCTpodHRwczovL3d3dy5vcmVsbGZ1ZXNzbGkuY2gvP1Byb3ZJRD0xMDkxNzc0NiZnY2xzcmM9YXcuZHMmgAoByAsBmAyr_rmlngTaDBAKChCQk4Kvpd7i6n8SAgEDuBODBNgTDtAVAZgWAYAXAbIXHAoaCAASFHB1Yi05MTc2NTIxODk4MzQxOTA5GAA&sigh=YiC4ZtAgWac&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaNjbqcxvchw8sOHRVD0NH5sQOG7617lrQ0oQu_fxDLn2Ds_fOmqV5C3FHTsEN38VbspqEH2H2kriKV0pqpoom05BEO_6klTjwYAQ&template_id=515&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa2cc9afee02061e20000000000000000%22,%222%22:%220xbc8d8ba98db2fe3c0000000000000000%22,%223%22:%220x93bbaf2f90c2095a0000000000000000%22,%224%22:%220x6e98dfe232d84f010000000000000000%22,%225%22:%220x9b55488eb7ae51170000000000000000%22},%22debug_key%22:%2213279383866053626400%22,%22debug_reporting%22:true,%22destination%22:%22https://orellfuessli.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22978673102%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225186144746452724401%22}&andc=true

Request Chain 91

https://googleads.g.doubleclick.net/pagead/adview?ai=C5fziI_ceZcTBLbrUvcAPldOy-AW5ma6wc8nB6s-BEWQQASCCurh8YPXtzIHgBKAB3NjF1QPIAQmpAs2exV2lU7I-qAMByAPLBKoEyQFP0FwZYLzGIzkiqirj9KxQfF4L4xlex8qkcOvz8AgCn1J98sP1nNAKmmxdcrqYiHSFyzkb-uI-TZqrhkaJDcO1Jp33rXIP3aHgfIMp6EIu4FcuNGCBWlIVk8B4wf8Mjw34XGiDKbOjAnJgCx3hN8qQNuyGF3ntwFiJFhsXcxl_y0Bp3EeRu0eGe2-JENcgFgRuPVm-__8YtuD_b8byJLCZryBrOmGJXOeDAoj73AF1hi2FA3DWL6sko5dODc0-5KqKaH53oCPr6_nABO7QvsuNBIgFjczMokOSBQQIBBgBkgUECAUYBKAGLoAHjKe6KqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEENOWBdIIFAiAYRABGB8yAooCOgKAQEi9_cE6mgknaHR0cHM6Ly93d3cucGZpc3Rlci5jaC9kZT9nY2xzcmM9YXcuZHMmgAoByAsBmAy9wvXN_gPaDBAKChDw8tyilP7g_UgSAgEDuBODBNgTDtAVAZgWAYAXAbIXHAoaCAASFHB1Yi05MTc2NTIxODk4MzQxOTA5GAA&sigh=CQlkGUp2uOc&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNdu9Qk0Fu5CnwmzNbgwgrPXlGhVUodFoPLHUgeWnVC3KWy_jiiVL_Uvs6LVfzv98BIxTLQBXz6A1Xorvy8HGoIGNfnBgSyxgB&template_id=515&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x8ed9eeab4e0038bf0000000000000000%22,%222%22:%220x91726469e7089ad70000000000000000%22,%223%22:%220x51fd733d0494eb8d0000000000000000%22,%224%22:%220x7f6236d9d4c365590000000000000000%22,%225%22:%220xfedbc06dfd0744c0000000000000000%22},%22debug_key%22:%22424584653518775302%22,%22debug_reporting%22:true,%22destination%22:%22https://pfister.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22984706140%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211667900479393498417%22}&andc=true

Request Chain 112

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709843;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLzkuvW734EDFZ-R_QcdTiEAMQ;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709843;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1

Request Chain 122

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLLpuvW734EDFRAx4Aode4cC3Q;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1

Request Chain 137

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1&C=1

Request Chain 138

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR73JrtbQoTTcAs7ILqjIAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOhHu8DfYaYtLMbNhjzFRJ4&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOhHu8DfYaYtLMbNhjzFRJ4%26google_cver%3D1

Request Chain 140

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA5MTcyOTU1MjIzNDIyMjkzNQ%3D%3D

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFlNhxFFygVTSUkqcoDrNZ8&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEFlNhxFFygVTSUkqcoDrNZ8&google_cver=1

Request Chain 142

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YzhiZjIxNTktZTE3OC0yYmIwLWQyMDItYjBkNTc5ZWVhYjk2

Request Chain 144

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEJLMj8vqrAkyhdfvdi3_gaY&google_cver=1

Request Chain 145

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MzFlNGQxYTQtNWE1Mi00MThhLWI3NTUtZjIyNGI3NDNiN2E2

Request Chain 146

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEGij_Aq-wn7FEMoP7WRlwL4&google_cver=1

Request Chain 171

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

196 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

l1hm14eqg2a2 Show response
www.file-upload.org/
Redirect Chain

https://www.file-upload.com/l1hm14eqg2a2
https://www.file-upload.org/l1hm14eqg2a2

27 KB
7 KB

643ms
110ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f644e3078bf79eca4234d29822caccd852d22c358fb156d7a8bba5e808b668f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8117802c6b410d6e-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 17:49:20 GMT
expires: Wed, 04 Oct 2023 17:49:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cy7%2FTTd1NCAAuPyPH0PMFQotUJt1mO1MeMAEOUwPh5%2FVGHU1NCvytPsfESPAbD3PxtHs9lPfrYwTONDoqrqqIst6T7IHc%2BZGNKiMby8QvlyGkt0%2FoqGg9%2FXbN%2FiaCOZ0KylYfAPW"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811780286a5e0e57-MXP
content-type: text/html
date: Thu, 05 Oct 2023 17:49:20 GMT
location: https://www.file-upload.org/l1hm14eqg2a2
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t4K3KdambmWuFdAY8RoiRzE5LaIJ6et0gGwYdzPxUpZ3odkXnIqYwU3pk%2FE%2F5w%2Fa3xWXO5Nhke1elACEIRKCDFRLWzGri5Zw9d3llCucYPhyVytLFwPw3npVYkZsTUDTtN38gu70"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 71ms
70ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:20 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 583845
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yxwoN5Wii%2FKO9TiqX4vw4%2F7pD0Hbv7wuFqzftM617TnlwsV0pM4Uf98uNCdsY3XtdPGH5d08O482iWylIzEx2MqGRwOH6uDfYZhfrbY5F%2FabNa1RF9pkF2AUUXc5WHDehQhOTYWX"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 8117802d1bed0d6e-MXP
expires: Fri, 29 Sep 2023 23:38:35 GMT

GET
H2 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 127ms
127ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:20 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fKVWKuN35ImrnLWZ1cxYJFskuNesCMsi66aceJKy6uRioVVwtBHV36tmfKYLI0YuyF59qizWCtBuVrNaSYGfDiA7y0oZivEuaV1Uo47Qx0hkDBkrXEgQv3Wd%2FIIf3NhASgusOqFG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 8117802d1bee0d6e-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 68ms
68ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5967916
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EDmU9yecCGAEn76crAOrJTu0bZK%2FcFTQJPILckl4FlfMGM7fSECtFP1W%2BZ3nU3yV7T%2BKz7Z%2FhyENb4FdDTdBgNVD1z2o5A23ghDcLkhNbdiQMhqwdLl3wM%2BZcTmlMJzWdIrtgE4a"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117802e2cf40d6e-MXP
expires: Fri, 04 Aug 2023 16:04:04 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1021 B 49ms
48ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Oct 2023 12:54:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"651eb1ec-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qaWVmQhnqTsSUD%2Fjpq%2FgOy6EFR7mlixKAcnX9ahq8O%2BW5bkhuKxvIr4Ceaeeq8jEwO%2FPM%2BeFJiYbaCXCRuG%2FOc84lIEC7Cy61DfkVDRax8nCvxyS51%2FyXazzynexNS6dwDq5mBC7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 8117802d9c790d6e-MXP
expires: Sat, 07 Oct 2023 17:49:20 GMT

GET
H2 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 55ms
54ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5964714
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emET9H3CMuyZiBxYVM%2B6gphMH8exyuld03%2F3YdLiXZnhdcNUwYvggh8M%2F24iTTthYBqb6nrUKbwNcxMd2Ic1TLKx70LHYna4iGL%2BhK8Y5wv8D7L3h76tFOjXZPn6xUBpJdKxg4yy"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117802e5d3b0d6e-MXP
expires: Fri, 04 Aug 2023 16:57:27 GMT

GET
H2 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
1 KB 67ms
66ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5964715
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kP5fy12WCiJUrKKNj8W0o3rg8rO17LWexSFKkUCEgZgwDTeaKmMrMsQbZL3DQVZoIOvJ7t01bavu3MW0cJLDRT%2Bl92uGjz10Ls%2BL36LYKv5MxFxtPI47RyQKdt2a0fhN%2BnZ42DE"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117802e8d750d6e-MXP
expires: Fri, 04 Aug 2023 16:57:26 GMT

GET _dmca_premi_badge_4.png
images.dmca.com/Badges/ 0
0

GET
H2 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 67ms
67ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5967917
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5zyznBE1H1QGeJKsqPoJ000HTuXDIL7mouTWeK%2FlCwUVSJXEqsiEQD8Q3YDUCrrqu0LA6WZlDh0IJ3EYUsQCbozjWcQxxQjBjpCyworDNImby5fY7dpx8OcfZSxAfxKp5y7Kc1j"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117802e8d770d6e-MXP
expires: Fri, 04 Aug 2023 16:04:04 GMT

GET
H/1.1 200
OK Primary Request file.php Show response
www.babup.com/ 23 KB
7 KB 388ms
127ms Document
text/html 51.15.15.22
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/file.php?get=l1hm14eqg2a2
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.15.15.22 Tooting, United Kingdom, ASN12876 (Online SAS, FR),
Reverse DNS: server.babup.com
Software: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips / PHP/7.2.34
Resource Hash: 81c260caa4dc24d0047e0f030486600681a1780ec3de4aa65836b03bbe140670

Request headers

Referer: https://www.file-upload.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 6845
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 Oct 2023 17:49:21 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/7.2.34

GET
H2 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 79ms
78ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5964713
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5AG1BYRZQ1S2YkuvRVcCw0ffhi95fN2cqaZ0ZEMYJEqbJp46t%2FxCzkgFGvZHMRexwQoITltWPsLPBM0Jsd%2FXO4tfv1mTR8gOv%2BL8Vcc9Y3u4Hb4xcS%2FbgQ3ffAJbDTsSS2J%2BnHHe"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117802ead900d6e-MXP
expires: Fri, 04 Aug 2023 16:57:28 GMT

GET
H2 200 fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 75 KB
76 KB 79ms
79ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1697
etag: "12d68-5fe4d56c8e4d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDoWggaqCus8yUe%2FRk0CXzUfaRBrgKvdVzqxKhxESM1YCgxW4j0satlpXrTkH%2FsdYNI6Q%2BJtMkUTSdOkkohmJpqn4xLQzm%2BcbwXVTXTHT9y7OHURkocg0qTrM%2Bdg2gyM2Gvi2WUH"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8117802ead920d6e-MXP
alt-svc: h3=":443"; ma=86400
content-length: 77160

GET
H2 200 poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 75ms
75ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1694
etag: "1ee0-5fe4d56c8f861"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gr2YI39iVcy8BeFR%2B1DhLtS4r4moSogMUXGL1OCef2B%2FBA4JhW%2FFiP7s87ZkVdmD7ZQdrXs2TUuvG1d4itqRxkbFYkHBqrJIZYWQ3krQawEsX3gAHjEpPF06Z7imXyZb77HUN6ae"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8117802ead930d6e-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7904

GET
H2 200 poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 88ms
87ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4591
etag: "1ecc-5fe4d56c90801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lO9ULmixanutIDipqkE%2FiwoScaw5JAjW7mq7Vpzs39u5%2BQaJVMs7nfjvQ25ESRCsoPtNreKUorFTgNvKuN%2B3Nn8H1AUrVEpZnu58vE969St%2BmsPBfwClmo212WQHwPNNJVPu8aEj"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8117802ead940d6e-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7884

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
50 KB 582ms
119ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

9cdd77196f941f48d6c9ec4b802d650c50c527d83b49733298388667c035d764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50951
x-xss-protection: 0
server: cafe
etag: 2093745789600857869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:21 GMT

GET
H/1.1 200
OK blockadblock.js Show response
www.babup.com/ 7 KB
2 KB 74ms
73ms Script
application/javascript 51.15.15.22
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/blockadblock.js
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.15.15.22 Tooting, United Kingdom, ASN12876 (Online SAS, FR),
Reverse DNS: server.babup.com
Software: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips /
Resource Hash: 7a9cfefbe46e47d6971a5d4487a2ee0e9812cba5f76668be71ac25ab8d88d6ee

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/file.php?get=l1hm14eqg2a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 17:49:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Aug 2023 10:11:48 GMT
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips
ETag: "1b23-6038039110a59-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1948

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 185 KB
68 KB 570ms
98ms Script
application/javascript 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

abaa01f6ba230643ea4adc52a649662bc97f6940f05ca8a9679a4c0200924b63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69032
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 16:48:46 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Oct 2023 17:49:22 GMT

GET
H2

200

app.css
www.file-upload.org/mngez/css/
Redirect Chain

https://www.file-upload.com/mngez/css/app.css?v=1
https://www.file-upload.org/mngez/css/app.css?v=1

247 KB
41 KB

64ms
64ms

Stylesheet
text/css

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 583846
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I7lk5iD0r211rg5CmDZDer3i1rrdc%2BzRnZSMusZOcGg5n7V%2B1VfKZCiUNrj1mYbhARnrUvD7zN%2BkGIpEXTmJljCVd7mw9rpvSHeb40w1Xv5sdyA6DSpZh7DVO6JAGbwMoe8RZQeV"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 8117803189130d6e-MXP
expires: Fri, 29 Sep 2023 23:38:35 GMT

Redirect headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 141
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZr3oROBotURtbV3IB0kp6QeSzeaH3kdviZ8hIpAMCsgUEsjctnO44Q4z2NnL3g4RrFiLD8xpv5bGzJ9FDdU9BO%2FnWjP1iwhEulZJK3kPtljv%2BXxxaYaNr2SZTUJ%2FJVZs2akaMkV"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/css/app.css?v=1
cache-control: max-age=31536000
cf-ray: 811780310dbf0e57-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 304 KB
86 KB 1141ms
109ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

f8f4a12f18b5f1abdb1688d4a75e3b8487b01e7fad0ecc3da3198f8d6d41ec39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 17:49:23 GMT
content-md5: +HXjJWTbuiiD405amsuprQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88122
x-fb-debug: 7NqnkCoWiu3eJgSQdBSUdnNQJO+3EIDZOovcOJXtZ+Em41Cr/r7cBLBew0spn5AS2RJC7qz4YYFwP8HHkfO4WQ==
x-fb-content-md5: 0dae3404b7ca02e4420e92785df79988
cross-origin-opener-policy: same-origin-allow-popups
etag: "c6c7df2342a7f193535cd4de2f0b6dfb"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 03 Oct 2024 18:20:30 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 557ms
82ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

f5cb503882073a221bf38cf3f3dad2ac9ac42504f420f7866b625b039541a61d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 17:49:21 GMT
content-md5: fyL18HapFj4OK64uFV9oEQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: ay2JC0ZInGnbK/ac7MNXqc2JIeGNNsUrAE+SVMeFJPjvhw/0TYBc6Ye6v9ch0xymMbTFXQexiEkS5tlTZmVrDg==
x-fb-content-md5: 2c084f3be51f447ff983ca322c4ccaee
cross-origin-opener-policy: same-origin-allow-popups
etag: "757a64c2f7706c0fc6c98dab79434fd6"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:52:59 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 1024ms
449ms Script
text/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 15:51:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 7064
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Thu, 05 Oct 2023 17:51:38 GMT

GET atrk.js
certify-js.alexametrics.com/ 0
0

GET
H2

200

app.js Show response
www.file-upload.org/mngez/js/
Redirect Chain

https://www.file-upload.com/mngez/js/app.js?v=20
https://www.file-upload.org/mngez/js/app.js?v=20

235 KB
80 KB

128ms
128ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:21 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qZ4%2Bzu8W2aTQJa%2FUGaN4erv9UT6UKZnyh306S08hfvlsS4DZ5CIB61nOGZqoDKmY2gV5KK0E1vU%2Bjj1%2FhdOdEfxUEgxSQvM91KEdVoU%2Fp6k%2BtWc3jOaDrFYI%2FzOuqsZ8%2F3WuECfh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 81178031a92a0d6e-MXP
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 05 Oct 2023 17:49:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 768
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v7jCVSru4DlYgGH%2FOjJgjQfnYR6NZsFYopk74p9cDXAxiQ%2FF9m1LNVoWtguY7WZHeIZWI329dTQkc6Ays2S%2Fjd1Cm0NRk376h9INM9okzCgBB%2FznSb7mQ1UyW2OzdzUzRcbZ1k1Y"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/js/app.js?v=20
cache-control: max-age=31536000
cf-ray: 811780313df80e57-MXP
alt-svc: h3=":443"; ma=86400

GET
H2

200

logo_new.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/logo_new.png
https://www.file-upload.org/assets/images/logo_new.png

3 KB
3 KB

58ms
57ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5967918
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xIQ%2BHWDSj%2BEY1mVwAJy7BcfjCmeG203kuCE99%2FGbER1tQr31IIF7VEVTKLmgoSN7%2BuVyjFscWOHyw0Iy0XwxsRpJEcBmjH2XbN0CMpvK%2ByO93aMI7YRlTV%2BzV%2BFxk8Ty9Nw8l5e1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811780354d9a0d6e-MXP
expires: Fri, 04 Aug 2023 16:04:04 GMT

Redirect headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 768
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aq35%2BCkw9%2BZhbHCk7EJq9ApmrZfN1vbw6e6gR%2B%2BPzIfpB67RpQHQ9widsBYY5y4FpMf8%2BlfMjZJMTzUfBSd3PBUMp%2Bk3cBk5vdSpm31txKsBAcnmS1Kk7H0azRrf5sQH6g8Q8Jgc"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/logo_new.png
cache-control: max-age=31536000
cf-ray: 81178034bc840e01-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 550ms
88ms Script
text/javascript 142.250.185.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f10.1e100.net

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 14:17:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Oct 2024 14:17:56 GMT

GET
H2

200

anti1.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti1.png
https://www.file-upload.org/mngez/images/anti1.png

19 KB
19 KB

61ms
60ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5964715
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sEE4TyYeI68uTY2HWNh%2FK2Trl402m8AUBtv3ODRCHkddg1T8K69cv%2F3NxSH1CDYk7fqbNrkLzrX6HkAHsceUC09WBPIFcnoA1KWj8iMvUVxnvmKIvQ0ni7r4aCbl7sw%2F2MlKCAQ7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811780354d9d0d6e-MXP
expires: Fri, 04 Aug 2023 16:57:27 GMT

Redirect headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 768
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlD%2B%2BK2TJVI0Iz3cW7Glu0UQxhtA01lNr%2F%2BhWSlf%2FddQOkfGB17ogI0HF9LrxyOYceNXGqxobbfXMcgjOSum2yV%2BmKlw7mJtWLGKaxgvPeIvDjugQyeP8JvodD6k6PEfYfjFofBS"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti1.png
cache-control: max-age=31536000
cf-ray: 81178034bc860e01-MXP
alt-svc: h3=":443"; ma=86400

GET
H2

200

anti2.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti2.png
https://www.file-upload.org/mngez/images/anti2.png

641 B
969 B

67ms
67ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5964716
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NeUyivRFIipZ8ZkIRVO0SQEXGtKEpTld2%2BLO2Ho0nPZ3jWR9oFqu5zliLx3Y6bj0RxATh9T9B84kbPIGOZGPLh4iqRNE7z0QnAig3k0OlU36VTI8hBxjfQMMji%2F6AOjBlUxosk7q"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811780354d9e0d6e-MXP
expires: Fri, 04 Aug 2023 16:57:26 GMT

Redirect headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 768
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sYUCP1bR8EpNxDMiwvjtSizy%2FwH%2FcdwJcT9j2xYyKvbRulUTiWXpzUIj4H%2FFzK9Th%2FphPeqQAjFzE6AjZXvn%2BooHJ%2FfizFZUhMFLxFI4YAwrHbz2021I6F8Yjv6IFV1Kc%2FHupeCn"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti2.png
cache-control: max-age=31536000
cf-ray: 81178034bc870e01-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 101ms
98ms Image
image/png 185.102.217.65
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.102.217.65 Bucharest, Romania, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: 185-102-217-65.bunnyinfra.net
Software: BunnyCDN-BU1-717 / ASP.NET
Resource Hash: 0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cdn-edgestorageid: 717
x-powered-by: ASP.NET
cdn-cachedat: 09/30/2023 18:30:13
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-BU1-717
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: dd211028c73b6df56c055b889de56f53
accept-ranges: bytes
cdn-requestcountrycode: CH
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=c21b983a-e974-437d-8fe0-295b6ce44c39>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2

200

norton.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/norton.png
https://www.file-upload.org/assets/images/norton.png

5 KB
5 KB

69ms
69ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5967918
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OYO2pJZpVUg9jld9F%2FtksTgXT5CNWTE55CdQWJtmX5lynbZCCVIWHZVw%2B85o0woqzjBnSljumnGDqARXWSHIHDVx92RERQQR3xF%2BA4C9UK3XT2NphQB%2Fa0YLciOVIjxR6hwjiwPJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811780354d9f0d6e-MXP
expires: Fri, 04 Aug 2023 16:04:04 GMT

Redirect headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 722
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6a%2B31lOuo3RebPuDWcUmiNBlcrSTX1pzwBgPQX2KNTOTmEXtOJuvJwbuWf4q4%2BixiuSFzEghK1vTa3wwyAlcS5MgG6fYHTMEsQnfAv5D4okIaWojyMvrlubgc5HG9ugwhzhHCwX1"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/norton.png
cache-control: max-age=31536000
cf-ray: 81178034bc880e01-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 304 KB
87 KB 1089ms
60ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=307aee1461e7e7e3a75dc9684c06b768

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

84580d510677a58d01a744c560aa2ed563755d8fd20ebb27635ab4699c304ca9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 17:49:23 GMT
content-md5: TnqfQMzwoMHd/3FcbDjazw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88121
x-fb-debug: 8hwOdsgIffD+0aF4/HGCvFlKBx0+34EwnDK/o78w4Mu5Aj2zECSSzHpqud+TBTqF09ohaRdCT+QMdpVSnpqBGQ==
x-fb-content-md5: da3de37aac891a3ffc4ad49f95860c60
cross-origin-opener-policy: same-origin-allow-popups
etag: "9caf545b041beb234bf3ab31b5b55492"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Fri, 04 Oct 2024 16:13:21 GMT

GET
H2 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 67ms
67ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5964714
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mbtvpq4VkssChV%2BLg%2BEb%2BL4qz8IDc%2BK%2BIFYElrnzDHaBtnlKkuhtFzaqIDUDqeHml2656WJH165rDILgU0MsdCZAakzUHykizU4HnQbxAipSgffunuFIBRPfFqRCpK%2BF9m3p9pHT"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 81178034bcff0d6e-MXP
expires: Fri, 04 Aug 2023 16:57:28 GMT

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/ 380 KB
129 KB 1248ms
118ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

4863f6f9934fd6f63d5ee3b4794873d62acdfa2ef15bb6e210d9ff10148e55c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:23 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131763
x-xss-protection: 0
server: cafe
etag: 3899911441378870774
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:23 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/ Frame 441E 10 KB
5 KB 1004ms
58ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 16111
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:20:52 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 13:20:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
79 KB 396ms
395ms Script
application/javascript 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

21448bb551c6f10892ac5ae73342be31a13ba6c843354287410e0831b2b7b6d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 05 Oct 2023 17:49:23 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 578ms
49ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 15:49:42 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 7181
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 05 Oct 2023 17:49:42 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
244 B 516ms
65ms Ping
text/plain 216.239.32.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je3a20&_p=683474300&cid=1414964779.1696528163&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1696528163&sct=1&seg=0&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/ 10 KB
10 KB 82ms
82ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 612387
alt-svc: h3=":443"; ma=86400
content-length: 10400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28a0-5fe4d56c936e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2FFHGJYtxHg4mOXKJOCmcL4l%2FMid6BAwWyYi1BTvc3ay90Qi2OCySU9ipEt6YrD%2Fq1HTmxQM8m1dd7c3KUVVSISzFBL2YgqxSYdG78UJqi3Gfol90XDhUJHh0lEB152gcLO5bH9l"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117803c4a2a59ad-MXP

GET
H2 200 fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 96 KB
96 KB 88ms
87ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 612387
alt-svc: h3=":443"; ma=86400
content-length: 98024
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "17ee8-5fe4d56c8f479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DtnZcrFKsaBUh9PhrfOhG%2Bl26inX958qObvzJXdIAKJYsAn%2BdPD29Cbpw7K8XF47VCWL5IgkdA%2B%2BLWX87BAwHxBE5cmTFDOz%2BYEpr3QFYeVBPuEBnkF5bdresb0nooUtgLzpPgxC"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117803c4a2b59ad-MXP

GET
H2 200 poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 10 KB
10 KB 74ms
73ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 612387
alt-svc: h3=":443"; ma=86400
content-length: 10420
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28b4-5fe4d56c94299"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cK7i0tCteAd7UdqgrwIQue2YuK3SzSAkwdYgrMCCLb99BogI48OQ4tPxKEBQ8gQhfE6KEgeadnNW1dBioRXw9TRvXVMPG1gP2GCOa6ACCtbFt8z20QjVaRKuPuEY8N8I%2Fsqdxhff"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8117803c5a4559ad-MXP

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
205 B 68ms
66ms XHR
text/plain 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=683474300&t=pageview&_s=1&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1361938602&gjid=84925178&cid=1414964779.1696528163&tid=UA-119779859-1&_gid=746118330.1696528163&_r=1&gtm=457e3a20&jsscut=1&z=1409162551

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 385 B
599 B 509ms
60ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.babup.com&callback=_gfp_s_&client=ca-pub-9176521898341909

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

5be2e79c038f3f4d424f23dd8b45b615aba68128d7ad15a44ee40665ae5a6d71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 247
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AB2C 311 KB
69 KB 1186ms
1185ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1696520963&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162056&bpp=7&bdt=636&idt=1400&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8305217918131&frm=20&pv=2&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1438

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

98f5f4235a7f7a6f59d29d53bc6003e1f05faeae04e1410c156b8ef2dea8e669

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 70300
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:24 GMT
expires: Thu, 05 Oct 2023 17:49:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1DF4 148 KB
45 KB 725ms
724ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

dc9c0e5a329e81d0a769c3e284b81454865143af7860093fa4cd00fd87a6d168

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45697
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:24 GMT
expires: Thu, 05 Oct 2023 17:49:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2854 148 KB
45 KB 634ms
628ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162599&bpp=6&bdt=1179&idt=931&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=4MwL2RcRbb&p=https%3A//www.babup.com&dtd=936

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

0cf2686bf360feef8d837bbf2a09a3d120ab608c4c3fd7131131e16ac587f58f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45726
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:24 GMT
expires: Thu, 05 Oct 2023 17:49:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E447 147 KB
45 KB 646ms
645ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

1f15cf19275a179aa4acba62e328a392e8fa6a2a7e8ead864f777e9ec8d04bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45597
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:24 GMT
expires: Thu, 05 Oct 2023 17:49:24 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 2854 14 KB
1 KB 566ms
79ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162599&bpp=6&bdt=1179&idt=931&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=4MwL2RcRbb&p=https%3A//www.babup.com&dtd=936

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 17:49:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 16:00:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 17:49:24 GMT

GET
H2 200 nessie_icon_tiamat_f_white.png
tpc.googlesyndication.com/pagead/images/ Frame 2854 239 B
297 B 723ms
138ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_f_white.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

1c3177b2bb09130b3eb00f3ec5cbc0a43c8c2dd90bfccb329359601cab1697b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:54:14 GMT
x-content-type-options: nosniff
server: cafe
age: 28510
etag: 8625321034218172526
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Fri, 06 Oct 2023 09:54:14 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E447 14 KB
1 KB 532ms
80ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 17:49:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 16:02:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 17:49:24 GMT

GET
H2 200 data=QZ7bJ3_ArKTfzOqlAgwIPY-vjSiKcK0gh7pw2gmTaGd4x_P9OGofayO2gbfJXnJV9cQ-x3d8LqPtQzyHZlPQEh8yA25rb3I7NIyA_iV9nznUc4fwOjS-hrBC
mts0.google.com/vt/ Frame E447 112 KB
112 KB 1097ms
364ms Image
image/png 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=QZ7bJ3_ArKTfzOqlAgwIPY-vjSiKcK0gh7pw2gmTaGd4x_P9OGofayO2gbfJXnJV9cQ-x3d8LqPtQzyHZlPQEh8yA25rb3I7NIyA_iV9nznUc4fwOjS-hrBC

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

b1d6f7a25672e2e1512d97b48e16549a1cd1453627cbc8fe7dba3db4d52c35b8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=268
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 114365
x-xss-protection: 0
x-server-version-bin: CggIBBCP+POoBg==
server: scaffolding on HTTPServer2
etag: 039eeca90609cd9c3
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Thu, 05 Oct 2023 18:49:25 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 2854 2 KB
926 B 700ms
133ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 2854 23 KB
9 KB 700ms
135ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 2854 3 KB
1 KB 698ms
134ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9837
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 2854 20 KB
9 KB 623ms
59ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2854 187 KB
59 KB 806ms
82ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:24 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 2854 36 KB
15 KB 583ms
57ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:31:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 21:33:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 12:31:25 GMT

GET
H2 200 data=HJ4Xt4iDOcDk1UtpHUTXCv0xq3AGR5jOi1FlTj0DCGNDkEcjKA8XQogHw9TiDshTKfeeTMTmqDY7_6hZz6jsoNAbo1AqmqR-Ijn2fCUgEz5SiZIqo85eQ0JE5g
mts0.google.com/vt/ Frame 2854 48 KB
48 KB 926ms
206ms Image
image/png 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=HJ4Xt4iDOcDk1UtpHUTXCv0xq3AGR5jOi1FlTj0DCGNDkEcjKA8XQogHw9TiDshTKfeeTMTmqDY7_6hZz6jsoNAbo1AqmqR-Ijn2fCUgEz5SiZIqo85eQ0JE5g

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

af0794c409dfdf5967b64064814087d1737eb0de2bff15fe4df3320bcc19b593

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=131
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48720
x-xss-protection: 0
x-server-version-bin: CggIBBCP+POoBg==
server: scaffolding on HTTPServer2
etag: 05ca9bf7ae565521f
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Thu, 05 Oct 2023 18:49:25 GMT

GET
DATA 200
OK truncated
/ Frame 2854 244 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 2854 333 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 nessie_icon_tiamat_f_white.png
tpc.googlesyndication.com/pagead/images/ Frame E447 239 B
369 B 667ms
136ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_f_white.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

1c3177b2bb09130b3eb00f3ec5cbc0a43c8c2dd90bfccb329359601cab1697b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:54:14 GMT
x-content-type-options: nosniff
server: cafe
age: 28510
etag: 8625321034218172526
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Fri, 06 Oct 2023 09:54:14 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame E447 2 KB
945 B 617ms
92ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
DATA 200
OK truncated
/ Frame E447 244 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E447 333 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 css
fonts.googleapis.com/ Frame 1DF4 14 KB
2 KB 474ms
76ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 17:49:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 16:03:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 17:49:24 GMT

GET
H2 200 nessie_icon_tiamat_f_white.png
tpc.googlesyndication.com/pagead/images/ Frame 1DF4 239 B
297 B 651ms
137ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_f_white.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

1c3177b2bb09130b3eb00f3ec5cbc0a43c8c2dd90bfccb329359601cab1697b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:54:14 GMT
x-content-type-options: nosniff
server: cafe
age: 28510
etag: 8625321034218172526
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Fri, 06 Oct 2023 09:54:14 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1DF4 2 KB
926 B 620ms
132ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 1DF4 23 KB
9 KB 619ms
131ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1DF4 3 KB
1 KB 618ms
130ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9837
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1DF4 20 KB
8 KB 575ms
87ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1DF4 187 KB
59 KB 767ms
117ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 1DF4 36 KB
15 KB 528ms
76ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:31:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 21:33:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 12:31:25 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame E447 23 KB
9 KB 620ms
107ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame E447 3 KB
1 KB 607ms
95ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9837
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame E447 20 KB
8 KB 594ms
82ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 nessie_icon_tiamat_f_white.png
tpc.googlesyndication.com/pagead/images/ Frame E447 239 B
297 B 646ms
138ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_f_white.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

1c3177b2bb09130b3eb00f3ec5cbc0a43c8c2dd90bfccb329359601cab1697b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 09:54:14 GMT
x-content-type-options: nosniff
server: cafe
age: 28510
etag: 8625321034218172526
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Fri, 06 Oct 2023 09:54:14 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame E447 2 KB
926 B 98ms
98ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14769
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E447 187 KB
59 KB 787ms
116ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 f20a2b7dfb9062a0a08db52babdaa11c.js Show response
www.gstatic.com/mysidia/ Frame E447 37 KB
15 KB 541ms
69ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f20a2b7dfb9062a0a08db52babdaa11c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

c9bb40cefe87d2b65103b30be083f0dc8f963f3c930f230d905b811b6eb82f47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:26:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8580
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15586
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:46:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 15:26:24 GMT

GET
H2 200 data=HJ4Xt4iDOcDk1UtpHUTXCv0xq3AGR5jOi1FlTj0DCGNDkEcjKA8XQogHw9TiDshTKfeeTMTmqDY7_6hZz6jsoNAbo1AqmqR-Ijn2fCUgEz5SiZIqo85eQ0JE5g
mts0.google.com/vt/ Frame 1DF4 48 KB
48 KB 853ms
235ms Image
image/png 142.250.184.238
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=HJ4Xt4iDOcDk1UtpHUTXCv0xq3AGR5jOi1FlTj0DCGNDkEcjKA8XQogHw9TiDshTKfeeTMTmqDY7_6hZz6jsoNAbo1AqmqR-Ijn2fCUgEz5SiZIqo85eQ0JE5g

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

af0794c409dfdf5967b64064814087d1737eb0de2bff15fe4df3320bcc19b593

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=133
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48720
x-xss-protection: 0
x-server-version-bin: CggIBBCP+POoBg==
server: scaffolding on HTTPServer2
etag: 05ca9bf7ae565521f
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Thu, 05 Oct 2023 18:49:25 GMT

GET
DATA 200
OK truncated
/ Frame 1DF4 244 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 1DF4 333 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/ 154 KB
53 KB 97ms
96ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

39959fdb588853d97dd2321280f421cc29d29a8e951fc166e6def2c1dcbdedcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53739
x-xss-protection: 0
server: cafe
etag: 15360135268817434989
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:24 GMT

GET
H2 200 ca-pub-9176521898341909 Show response
fundingchoicesmessages.google.com/i/ 157 KB
52 KB 662ms
92ms Script
application/javascript 216.58.212.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-9176521898341909?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f174.1e100.net

Software

ESF /

Resource Hash

1319263ba232b2109b366056e3c858b22e6ac63d7d5cc9832492910f9aa7a187

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-vEukZ8LRcBc6sFUOUeeE7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-vEukZ8LRcBc6sFUOUeeE7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 1DF4 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7245e00c4cc086cea10eb25e4feaaf565bb4544d3859ac8a2fff272b28d1d5ed

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2854 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3562ab80a46bc06e3f18de5a6f5d344de4f453958f937ec3af6570988b366d60

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E447 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f479c92eb01b7574393452718246ebf933d5b361224381e47f84eb7b911fd99

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2854
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CZXdmI_ceZa-0LL63vcAPnrWdmALjsKuVbvbF-I3pEMCwgOyQAhABIIK6uHxg9e3MgeAEoAHOu9XSA8gBCakCzZ7FXaVTsj6oAwHIA8sEqgTGAU_QvFFs-u5DXJlX8XUFVBjfKBt6inmNd6Q...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa2cc9afee02061e20000000000000000%22,%222%22:%220xbc8d8ba98db2fe3c0000000000000000%22,%223%22:%220x93bbaf...

0
0

331ms
121ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa2cc9afee02061e20000000000000000%22,%222%22:%220xbc8d8ba98db2fe3c0000000000000000%22,%223%22:%220x93bbaf2f90c2095a0000000000000000%22,%224%22:%220x6e98dfe232d84f010000000000000000%22,%225%22:%220x9b55488eb7ae51170000000000000000%22},%22debug_key%22:%2210584651583876493754%22,%22debug_reporting%22:true,%22destination%22:%22https://orellfuessli.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22978673102%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229416548656754734577%22}&andc=true

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xa2cc9afee02061e20000000000000000","2":"0xbc8d8ba98db2fe3c0000000000000000","3":"0x93bbaf2f90c2095a0000000000000000","4":"0x6e98dfe232d84f010000000000000000","5":"0x9b55488eb7ae51170000000000000000"},"debug_key":"10584651583876493754","debug_reporting":true,"destination":"https://orellfuessli.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["978673102"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"9416548656754734577"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 17:49:25 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xa2cc9afee02061e20000000000000000","2":"0xbc8d8ba98db2fe3c0000000000000000","3":"0x93bbaf2f90c2095a0000000000000000","4":"0x6e98dfe232d84f010000000000000000","5":"0x9b55488eb7ae51170000000000000000"},"debug_key":"10584651583876493754","debug_reporting":true,"destination":"https://orellfuessli.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["978673102"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"9416548656754734577"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 1DF4
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CwtafI_ceZdO0K9eyvcAPyuirmAnjsKuVbsbL-I3pEMCwgOyQAhABIIK6uHxg9e3MgeAEoAHOu9XSA8gBCakCzZ7FXaVTsj6oAwHIA8sEqgTAAU_QLfTiFaYT2cnLCr5lB9YMUV2x3lK892N...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa2cc9afee02061e20000000000000000%22,%222%22:%220xbc8d8ba98db2fe3c0000000000000000%22,%223%22:%220x93bbaf...

0
0

333ms
123ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa2cc9afee02061e20000000000000000%22,%222%22:%220xbc8d8ba98db2fe3c0000000000000000%22,%223%22:%220x93bbaf2f90c2095a0000000000000000%22,%224%22:%220x6e98dfe232d84f010000000000000000%22,%225%22:%220x9b55488eb7ae51170000000000000000%22},%22debug_key%22:%2213279383866053626400%22,%22debug_reporting%22:true,%22destination%22:%22https://orellfuessli.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22978673102%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225186144746452724401%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xa2cc9afee02061e20000000000000000","2":"0xbc8d8ba98db2fe3c0000000000000000","3":"0x93bbaf2f90c2095a0000000000000000","4":"0x6e98dfe232d84f010000000000000000","5":"0x9b55488eb7ae51170000000000000000"},"debug_key":"13279383866053626400","debug_reporting":true,"destination":"https://orellfuessli.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["978673102"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"5186144746452724401"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 17:49:25 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xa2cc9afee02061e20000000000000000","2":"0xbc8d8ba98db2fe3c0000000000000000","3":"0x93bbaf2f90c2095a0000000000000000","4":"0x6e98dfe232d84f010000000000000000","5":"0x9b55488eb7ae51170000000000000000"},"debug_key":"13279383866053626400","debug_reporting":true,"destination":"https://orellfuessli.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["978673102"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"5186144746452724401"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 1DF4 33 KB
34 KB 525ms
71ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 05:04:01 GMT
x-content-type-options: nosniff
age: 477924
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Sep 2024 05:04:01 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 2854 33 KB
33 KB 551ms
100ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 05:04:01 GMT
x-content-type-options: nosniff
age: 477924
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Sep 2024 05:04:01 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame E447
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C5fziI_ceZcTBLbrUvcAPldOy-AW5ma6wc8nB6s-BEWQQASCCurh8YPXtzIHgBKAB3NjF1QPIAQmpAs2exV2lU7I-qAMByAPLBKoEyQFP0FwZYLzGIzkiqirj9KxQfF4L4xlex8qkcOvz8Ag...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x8ed9eeab4e0038bf0000000000000000%22,%222%22:%220x91726469e7089ad70000000000000000%22,%223%22:%220x51fd73...

0
0

331ms
121ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x8ed9eeab4e0038bf0000000000000000%22,%222%22:%220x91726469e7089ad70000000000000000%22,%223%22:%220x51fd733d0494eb8d0000000000000000%22,%224%22:%220x7f6236d9d4c365590000000000000000%22,%225%22:%220xfedbc06dfd0744c0000000000000000%22},%22debug_key%22:%22424584653518775302%22,%22debug_reporting%22:true,%22destination%22:%22https://pfister.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22984706140%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211667900479393498417%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x8ed9eeab4e0038bf0000000000000000","2":"0x91726469e7089ad70000000000000000","3":"0x51fd733d0494eb8d0000000000000000","4":"0x7f6236d9d4c365590000000000000000","5":"0xfedbc06dfd0744c0000000000000000"},"debug_key":"424584653518775302","debug_reporting":true,"destination":"https://pfister.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["984706140"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"11667900479393498417"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 17:49:25 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x8ed9eeab4e0038bf0000000000000000","2":"0x91726469e7089ad70000000000000000","3":"0x51fd733d0494eb8d0000000000000000","4":"0x7f6236d9d4c365590000000000000000","5":"0xfedbc06dfd0744c0000000000000000"},"debug_key":"424584653518775302","debug_reporting":true,"destination":"https://pfister.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["984706140"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"11667900479393498417"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame E447 33 KB
33 KB 538ms
108ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 05:04:01 GMT
x-content-type-options: nosniff
age: 477924
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Sep 2024 05:04:01 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 258ms
99ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 17:49:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 250ms
99ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa2cc9afee02061e20000000000000000%22,%222%22:%220xbc8d8ba98db2fe3c0000000000000000%22,%223%22:%220x93bbaf2f90c2095a0000000000000000%22,%224%22:%220x6e98dfe232d84f010000000000000000%22,%225%22:%220x9b55488eb7ae51170000000000000000%22},%22debug_key%22:%2213279383866053626400%22,%22debug_reporting%22:true,%22destination%22:%22https://orellfuessli.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22978673102%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225186144746452724401%22}&andc=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 17:49:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 210ms
99ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 17:49:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DCE3 436 B
280 B 577ms
576ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1696520965&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528164994&bpp=1&bdt=3574&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3dd1323b11975b29%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MbJ6CP1rqpn2ITH6pxNSwsEqyB_aw&gpic=UID%3D00000c8e591bf41f%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MaZMbxvPFmcgdgutIq514-a38PJmA&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280&nras=2&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&psts=AOrYGskbVE4tjY8SVrkmxVt90TMX2zShEzX6rBORl33CqpQ3JI6mcWjoL58BULxMR0XONUsjwRE_XdR9GxT6TTlLT9I8Hg%2CAOrYGsmRzAzaYONiaEMWtygqtfidXG167R69vVNLqgK08PzlyC3DJXaXl4Ha9Kv7JhkoL2BnEZ2uWhdRNtOsW09OEEs3_A%2CAOrYGsnZkk_z8h959C9aSaohLg08tNjfATWVckhVeQv4qS_Ay3mQ1qazRylsiTERCBOgUpVdDaM7We_jlqnfGpIXCNMLWA&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=yfrnZ7tlh7&p=https%3A//www.babup.com&dtd=501

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

f7345da29dfcbf2d64a329c5618d2f5f187e7432b21a321ab7923e7068809464

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:26 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D42A 436 B
277 B 583ms
582ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1696520965&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528164994&bpp=1&bdt=3574&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3dd1323b11975b29%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MbJ6CP1rqpn2ITH6pxNSwsEqyB_aw&gpic=UID%3D00000c8e591bf41f%3AT%3D1696528163%3ART%3D1696528163%3AS%3DALNI_MaZMbxvPFmcgdgutIq514-a38PJmA&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280%2C1110x90&nras=3&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&psts=AOrYGskbVE4tjY8SVrkmxVt90TMX2zShEzX6rBORl33CqpQ3JI6mcWjoL58BULxMR0XONUsjwRE_XdR9GxT6TTlLT9I8Hg%2CAOrYGsmRzAzaYONiaEMWtygqtfidXG167R69vVNLqgK08PzlyC3DJXaXl4Ha9Kv7JhkoL2BnEZ2uWhdRNtOsW09OEEs3_A%2CAOrYGsnZkk_z8h959C9aSaohLg08tNjfATWVckhVeQv4qS_Ay3mQ1qazRylsiTERCBOgUpVdDaM7We_jlqnfGpIXCNMLWA&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=TCHPxkwSXS&p=https%3A//www.babup.com&dtd=512

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

70100e7a50e9672276fc11c5cdf4984e9b9846709833f4cc640acfe515c82c46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:26 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame 7B91 10 KB
4 KB 59ms
58ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 21044
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 11:58:41 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 11:58:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame 2C29 10 KB
4 KB 62ms
61ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 21044
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 11:58:41 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 11:58:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame F467 10 KB
4 KB 73ms
66ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 21044
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 11:58:41 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 11:58:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame 9F74 10 KB
4 KB 70ms
68ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 21044
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 11:58:41 GMT
etag: 2603938475786422795
expires: Thu, 19 Oct 2023 11:58:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxWSTyxFC6axy1ImTyJ50UouFJy0E5VLmbQMvIwZZQmUMgLyNxEvUu8k_nksZKIrFcocW8CHmoM1lbZ43HtZOqMiRGxawfu7WLFwMqbTFtv89m-J5qAETK7Y6YDuYcDrGlVR4Cs0DQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 74ms
71ms Script
application/javascript 216.58.212.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWSTyxFC6axy1ImTyJ50UouFJy0E5VLmbQMvIwZZQmUMgLyNxEvUu8k_nksZKIrFcocW8CHmoM1lbZ43HtZOqMiRGxawfu7WLFwMqbTFtv89m-J5qAETK7Y6YDuYcDrGlVR4Cs0DQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk2NTI4MTY1LDU4ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsInRxeEtFQ1NGcUlZIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.tqxKECSFqIY.es5.O/am=ggE/d=1/rs=AJlcJMw8BrP1Vt9flcU9C7oCIvpqBOurOg/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f174.1e100.net

Software

ESF /

Resource Hash

0a213a51454ef00c2a68aed298d4db735a7d94db231146e754d45f45b47bf23b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-8Im6UE_ZCfZGlduwfgH_LQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-8Im6UE_ZCfZGlduwfgH_LQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 7B91 4 KB
767 B 83ms
81ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 16:00:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7B91 205 B
519 B 63ms
61ms Image
image/png 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 01:08:26 GMT
x-content-type-options: nosniff
age: 60059
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 04 Oct 2024 01:08:26 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7B91 604 B
696 B 64ms
62ms Image
image/png 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 11:42:48 GMT
x-content-type-options: nosniff
age: 108397
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 03 Oct 2024 11:42:48 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 7B91 15 KB
7 KB 62ms
59ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

729bb9007929a8af5c6f300c99e7c5899043ed1734d39fd6f4e0361b94d1adbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:54:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14089
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6551
x-xss-protection: 0
server: cafe
etag: 6101707970674548951
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:54:36 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 7B91 20 KB
8 KB 62ms
60ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

7f8d937ac3c24cd9099dccaeb3e160dba15d6396b7f8ada3ca95f9ef24633aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:54:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14089
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8566
x-xss-protection: 0
server: cafe
etag: 11420928434021954480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:54:36 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7E3D 478 B
242 B 110ms
101ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXp2lud2md1LvQCOEt0BDl5TrfX4ZvWxRRp0UGAGZciMznaweEs3ZkiNVMov2YgIrEGuAxuH2bUKDBNrVc5Z3fC1h2Xhw

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 47DC 89 KB
31 KB 164ms
138ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 47DC 27 KB
10 KB 464ms
183ms Script
text/javascript 143.204.215.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&cid=&c=1696528163709843&js=pmw0&w=160&h=600&admarker=dynamic

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-67.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

bebe87a990082b3d13b4b7dfcd5fb7395f7efe4be97ed7a4cb844fcf87dba8be

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 befe3b8553d90339ecf78e5d7cefa60a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA53-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: TxL00GJ9u2DmyVTtY_YOfuaayllBJoBg0asN5cr8OENF05xNYcnwbQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dbm
beacon.sojern.com/imp/ Frame 47DC 42 B
229 B 396ms
64ms Image
image/gif 107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.sojern.com/imp/dbm?auc=ABAjH0h5llBH9AJfpdfN1ASoNkpb&li=19644350364&cr=512861025&io=1010642908&seg=&src=https://www.babup.com/&ord=1696528163709843
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Thu, 05 Oct 2023 17:49:26 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

GET
H2

200

B29164104.374615553;dc_pre=CLzkuvW734EDFZ-R_QcdTiEAMQ;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709843;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd... Show response
ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/ Frame 47DC
Redirect Chain

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709843;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;...
https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLzkuvW734EDFZ-R_QcdTiEAMQ;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709843;dc_lat=;dc_rdid=;...

16 KB
12 KB

113ms
101ms

Script
text/javascript

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLzkuvW734EDFZ-R_QcdTiEAMQ;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709843;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

59091fd566bf0de940fc240154317384b96eda112c3d1af47b09abbbc7e0d13e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12357
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLzkuvW734EDFZ-R_QcdTiEAMQ;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709843;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 47DC 3 KB
1 KB 100ms
75ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9838
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 47DC 20 KB
8 KB 82ms
57ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14770
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 47DC 187 KB
59 KB 97ms
72ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47DC 42 B
110 B 204ms
180ms Image
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AQcl8T3nsB5o9cOZCGHo5Fs8C_F-PLfonFRC9VOYxCYpeLNi6ZL4P0eKZafoUgd3TAc_Z1tRf51YnlIrl6HqoHlYQ3U6DDDLYdoOHsMaHVaKeORs8

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47DC 0
121 B 189ms
165ms Image
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2836309949514058699&x=1&ct=119

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C809 611 B
310 B 123ms
107ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNU3NPLKGoS2ytwVXOdXcbfSEIFTbXS-djGybbNV5wlK6xK8udqEjmhlXiXzGPIiF53a5li4RuSWHGxWur8YGUZAgXt7Qw

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8D16 89 KB
31 KB 236ms
222ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 8D16 27 KB
10 KB 449ms
203ms Script
text/javascript 143.204.215.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&cid=&c=1696528163709844&js=pmw0&w=160&h=600&admarker=dynamic

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-67.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

9620d1115881c6600252dbea031c37b8f9f991b6f7b2f413fe43f035d9f81304

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 befe3b8553d90339ecf78e5d7cefa60a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA53-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: Xmf3-0s78xwXy0hEjVl1c5AwabA4AbwbVIIwSJ4MuOO3fxCObLvE7A==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dbm
beacon.sojern.com/imp/ Frame 8D16 42 B
101 B 362ms
64ms Image
image/gif 107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.sojern.com/imp/dbm?auc=ABAjH0g2vUFKjMsDeU3Iy-_BE8VN&li=19644350364&cr=512861025&io=1010642908&seg=&src=https://www.babup.com/&ord=1696528163709844
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Thu, 05 Oct 2023 17:49:26 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

GET
H2

200

B29164104.374615553;dc_pre=CLLpuvW734EDFRAx4Aode4cC3Q;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd... Show response
ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/ Frame 8D16
Redirect Chain

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;...
https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLLpuvW734EDFRAx4Aode4cC3Q;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;...

16 KB
12 KB

92ms
90ms

Script
text/javascript

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLLpuvW734EDFRAx4Aode4cC3Q;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

b7fac5854dc0958803be483b89e9a84ff5005d2e54aeb2bb3fc9996a927d6c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12192
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=CLLpuvW734EDFRAx4Aode4cC3Q;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 8D16 3 KB
1 KB 66ms
55ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9838
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 8D16 20 KB
8 KB 63ms
53ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14770
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8D16 187 KB
59 KB 78ms
68ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D16 42 B
107 B 172ms
164ms Image
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DadK7be7TQidOzcdhTm3DHSuZpbG8VHnHI0LIbH_sUfecRMygpxyOQmiF4Fe9kMGPBw09b2QxrL_5KiuNAoAPDAFWSEiKzBTtWfprsjHFCCGqWJNg

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D16 0
56 B 169ms
161ms Image
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6769480768756601227&x=1&ct=119

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7B96 441 B
244 B 118ms
117ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKrgbxDSue38BBjmlcH3ATAB&v=APEucNW435PACCxACYalW66WdMnPkPTdgUGPXR7soKWEdBbFnioRXNh_O0c_H2lqeionyZQ4FaBn2z0nvQpp4gozLrzpnAV0sQ

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 23C6 89 KB
31 KB 213ms
213ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 23C6 3 KB
1 KB 92ms
91ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9838
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 23C6 20 KB
8 KB 80ms
78ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14770
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 23C6 187 KB
59 KB 71ms
70ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:25 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 23C6 42 B
107 B 202ms
201ms Image
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CBIbAHGefDIkiRsx2XtaC2u_p4fkhOapyQzPYkt66pf3soFxE7YahelJdzAkHkDV2yTLOhg3rBHn83-Cjal_S3qSWRxXAHJPggBGbayZaX3pXTins

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 23C6 0
56 B 200ms
200ms Image
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17670178649012537713&x=1&ct=119

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxXnqpvojTdqeq7izMAByeaYup6rdYUy24JmYyq4cNuhbJW3ah5ZqiAkgKKEzAoItnGpFmqyb8Zz5cBGrEUlOBdl7vNTSAxz0mQCQVuXTn-2RAGaqcBuc7wSMWigVYCXARglOoSTsQ== Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 113ms
112ms Script
application/javascript 216.58.212.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXnqpvojTdqeq7izMAByeaYup6rdYUy24JmYyq4cNuhbJW3ah5ZqiAkgKKEzAoItnGpFmqyb8Zz5cBGrEUlOBdl7vNTSAxz0mQCQVuXTn-2RAGaqcBuc7wSMWigVYCXARglOoSTsQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk2NTI4MTY2LDkwMDAwMDBdLG51bGwsbnVsbCxudWxsLFtudWxsLFs3LDldLG51bGwsMixudWxsLCJlbiJdLCJodHRwczovL3d3dy5iYWJ1cC5jb20vIixudWxsLFtbOCwidHF4S0VDU0ZxSVkiXSxbOSwiZGUiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f174.1e100.net

Software

ESF /

Resource Hash

e632c45508bd0ebbf5f44faf96149711ef0a747ddc0af5a57705339b98114c54

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-s6DqNHjTF93LQ-eLwEDcvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:26 GMT
content-security-policy: script-src 'report-sample' 'nonce-s6DqNHjTF93LQ-eLwEDcvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 7E3D 170 B
243 B 77ms
72ms Image
image/png 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXp2lud2md1LvQCOEt0BDl5TrfX4ZvWxRRp0UGAGZciMznaweEs3ZkiNVMov2YgIrEGuAxuH2bUKDBNrVc5Z3fC1h2Xhw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 7E3D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1&C=1

43 B
335 B

102ms
101ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXp2lud2md1LvQCOEt0BDl5TrfX4ZvWxRRp0UGAGZciMznaweEs3ZkiNVMov2YgIrEGuAxuH2bUKDBNrVc5Z3fC1h2Xhw
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GnRA0vA68MJ0HHUQGQVk82kVYaaNsbXPbVTAv7GhLSAIwAIhxrHZTvgtiO78qUKQNwdGjm0NIa4MyOS3kXWDeO%2Fs49J5N1DZDwTKkeEKe5TnC9ZB09eZfMGfyUcOCLu2eGcPVnLIgZZb7g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8117805129b13c71-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSAjggWTqj4AZ7N%2B0zj1OBBY%2BctWN0PeU2FlZdKN5XFdNmSpBSnOksOKFwoKaq9BrVaBL%2BkemkTCPxsmGk%2B0tcTJwx8plgvsU5OTm8DTKkKYz3KhhPm7htGzId9yU48WsTzKTQgVsLysOw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1&C=1
cache-control: no-cache
cf-ray: 8117804f8f143c71-CDG
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7E3D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR73JrtbQoTTcAs7ILqjIAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1

43 B
776 B

118ms
118ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXp2lud2md1LvQCOEt0BDl5TrfX4ZvWxRRp0UGAGZciMznaweEs3ZkiNVMov2YgIrEGuAxuH2bUKDBNrVc5Z3fC1h2Xhw
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:27 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lxtuQNQ7%2B8VTxK58YOWdnmZ44drpwlUJPvqPNx8vFzdQl8RnlyoMp5Y43FrfUjp1c%2F6uNod3Uj23VAGqr5YpO1W7fdqSD27ffds%2FMc%2F%2FvQsjB4LNZ%2FxUIsr2q82gt9%2BIWFB%2FT1gUFfc%2Fvg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81178054ba7524be-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOKxiEct8mi3M9zyNKRgSiY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame C809
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOhHu8DfYaYtLMbNhjzFRJ4&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOhHu8DfYaYtLMbNhjzFRJ4%26google_cver%3D1

43 B
891 B

68ms
68ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOhHu8DfYaYtLMbNhjzFRJ4%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNU3NPLKGoS2ytwVXOdXcbfSEIFTbXS-djGybbNV5wlK6xK8udqEjmhlXiXzGPIiF53a5li4RuSWHGxWur8YGUZAgXt7Qw

Protocol

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
an-x-request-uuid: 545dfaac-5d28-4b61-9f74-ce6a592c6cb8
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.219.127.190; 80.219.127.190; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
an-x-request-uuid: 2a165306-d81e-4893-b2ab-277a6a30ea78
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEOhHu8DfYaYtLMbNhjzFRJ4%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 80.219.127.190; 80.219.127.190; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C809
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA5MTcyOTU1MjIzNDIyMjkzNQ%3D%3D

170 B
188 B

69ms
69ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA5MTcyOTU1MjIzNDIyMjkzNQ%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
an-x-request-uuid: b51c0b51-5d98-4d99-af85-33a4fead9a4b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDA5MTcyOTU1MjIzNDIyMjkzNQ%3D%3D
x-proxy-origin: 80.219.127.190; 80.219.127.190; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C809
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFlNhxFFygVTSUkqcoDrNZ8&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEFlNhxFFygVTSUkqcoDrNZ8&google_cver=1

43 B
163 B

83ms
82ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEFlNhxFFygVTSUkqcoDrNZ8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNU3NPLKGoS2ytwVXOdXcbfSEIFTbXS-djGybbNV5wlK6xK8udqEjmhlXiXzGPIiF53a5li4RuSWHGxWur8YGUZAgXt7Qw
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEFlNhxFFygVTSUkqcoDrNZ8&google_cver=1
date: Thu, 05 Oct 2023 17:49:26 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C809
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YzhiZjIxNTktZTE3OC0yYmIwLWQyMDItYjBkNTc5ZWVhYjk2

170 B
188 B

72ms
68ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YzhiZjIxNTktZTE3OC0yYmIwLWQyMDItYjBkNTc5ZWVhYjk2

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YzhiZjIxNTktZTE3OC0yYmIwLWQyMDItYjBkNTc5ZWVhYjk2
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame EA77 37 KB
15 KB 51ms
50ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162063&bpp=3&bdt=643&idt=1450&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=apRUBiugmk&p=https%3A//www.babup.com&dtd=1462

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33134
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2

200

um
sync.teads.tv/ Frame 7B96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJLMj8vqrAkyhdfvdi3_gaY&google_cver=1

23 B
278 B

161ms
136ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJLMj8vqrAkyhdfvdi3_gaY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKrgbxDSue38BBjmlcH3ATAB&v=APEucNW435PACCxACYalW66WdMnPkPTdgUGPXR7soKWEdBbFnioRXNh_O0c_H2lqeionyZQ4FaBn2z0nvQpp4gozLrzpnAV0sQ
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Thu, 05 Oct 2023 17:49:26 GMT
pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEJLMj8vqrAkyhdfvdi3_gaY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7B96
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MzFlNGQxYTQtNWE1Mi00MThhLWI3NTUtZjIyNGI3NDNiN2E2

170 B
188 B

72ms
71ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MzFlNGQxYTQtNWE1Mi00MThhLWI3NTUtZjIyNGI3NDNiN2E2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKrgbxDSue38BBjmlcH3ATAB&v=APEucNW435PACCxACYalW66WdMnPkPTdgUGPXR7soKWEdBbFnioRXNh_O0c_H2lqeionyZQ4FaBn2z0nvQpp4gozLrzpnAV0sQ

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
server: akka-http/10.2.10
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MzFlNGQxYTQtNWE1Mi00MThhLWI3NTUtZjIyNGI3NDNiN2E2
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Thu, 05 Oct 2023 17:49:26 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame 7B96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEGij_Aq-wn7FEMoP7WRlwL4&google_cver=1

43 B
175 B

1126ms
317ms

Image
image/gif

3.94.238.177

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEGij_Aq-wn7FEMoP7WRlwL4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKrgbxDSue38BBjmlcH3ATAB&v=APEucNW435PACCxACYalW66WdMnPkPTdgUGPXR7soKWEdBbFnioRXNh_O0c_H2lqeionyZQ4FaBn2z0nvQpp4gozLrzpnAV0sQ
Protocol: H2
Server: 3.94.238.177 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Thu, 05 Oct 2023 17:49:27 GMT
server: nginx
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://partners.tremorhub.com/sync?UIGL=CAESEGij_Aq-wn7FEMoP7WRlwL4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame A7CB 37 KB
14 KB 54ms
53ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33134
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B22 37 KB
14 KB 54ms
48ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696520963&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696528162631&bpp=1&bdt=1210&idt=915&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=8305217918131&frm=20&pv=1&ga_vid=1414964779.1696528163&ga_sid=1696528163&ga_hid=683474300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44795921%2C31078602&oid=2&pvsid=3397855627565520&tmod=359010042&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=1TVtWYayba&p=https%3A//www.babup.com&dtd=918

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33134
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 01A4 14 KB
1 KB 74ms
74ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 16:00:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 17:49:26 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 01A4 2 KB
931 B 76ms
76ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 01A4 23 KB
9 KB 95ms
94ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 68F7 143 B
228 B 59ms
58ms Document
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 2468
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:08:18 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 01A4 3 KB
1 KB 100ms
99ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 15:05:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9839
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 15:05:27 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 01A4 20 KB
8 KB 77ms
77ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:43:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 01A4 187 KB
59 KB 102ms
101ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 17:49:26 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 01A4 36 KB
15 KB 59ms
59ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:31:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19081
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 21:33:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 12:31:25 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47DC 0
56 B 147ms
147ms Ping
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7218933316469&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 47DC 0
56 B 142ms
141ms Ping
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7218933316469&version=m202309260101&ct=119&x=1&cor=2836309949514059000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 47DC 90 KB
37 KB 392ms
391ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CWJY0MyJBCF_Vh36PA9yTI9hMNbH1Ao_TLtAxg60-ifF_9_5moAFQmi7-jLFaisUWk2UWEDrrFiCMrnTtrOp9MU03oyRUUdS2zPL8zh7HYEtLQ95cwuDX-HJ2--jIVxGIZEKZYHZPs43N0_zoy3swCbTHEgHeQ5CDD05hqgaP8_QxRKxDJZuiA1ejUHIuPgPa0FOYQ&cry=1&dbm_d=AKAmf-D6kQUThIRZyA6I1bwCcIdseNcjBnEjfFZSyJvd3NvBLC6LpqmH2hQ1Fjsk4lyP3M21nSKEkdmeTNWky-mfldW0GTkDcED0BDu1mVrKpK---sPWfh5WrphzmwwHGG73hQNwNfPOk-9diqKr5VKLl487kU-aJ_kNSp0wFkw2F0MkTbC21qY2EbwgpVhZeQt8QOPSqM3znDPAiUHfnS-JsCRJ-29lQotRzzeaz59Lbjd0X0glodFAVzgu8ES8u3Pj8U8lt-8DBUH21Sjn4yAIqZkYuH1OTLPMLXOAxIA6IAkijucSRyvrb5Im4hNqh33_XyR4jrmGBraObLafDD7hTAty1l50AVdwErm5vFwd_cnoQQH88SnhRXwS__Y_wTdB-_29LgQViNJRADqFvJiz73JStKh2AjT_VLl_bUHOBb1dVd6FE2CSJzdhWaGJLtCEYuBTE_p7xNBrg2Zfq71VjwEsg52wOX5PsBsAQUEA2ySWE_4RUzlU9l3J6ECig5X-mq-r59YWn3VOIYU_WBvqZcwxGc3qPj4xi5BV--OyaHRl7UOjMeFpVPW2Q3Tbn4vNK3AkgMZ3bmCXT9pZeXL1pI-ZLwA9n5u0oBTFiHcaJ5AIi5r0jf97wOkXoR2zbIKuj-imaUWZO8pvVBWh3Kio4NfALHOeXQ48BviooAnMCXH49bWeCp4x-ppWLtc-9FCydLgPVvKE_VFTlpLRaA1s5PuVBFbR5BKOIxs5Loeg5NQmydiFtXq8Qff95g4jOZrlhFDf8LJsLAUyeibrsboCMSB_8CaaEAry1tmA5fvp2vuuMaIHz4WzdKumLocUshjxi70Ek8uIcfJZeY-j02U7ahpgTV0wSrJoOkX5llRUX4J89hGRFrnyn3429AoTRKMrN7iZvHynrilfvOjdWxhXHmblsFXVeNNvfuui8kyi1nsf9igjPf3IG7BJDOGONGNbFYHOOv7pKRmcbixci-8HBtmrVocnDziQ_sL4XbnS-6P1okT7noJOiZ2G0WZdnRIXWy0qxcVBQUZgyPtQCpt5e9ogaamo1A1RBof0sfLBFXzEV8o2e2NcQT6FrRR9BSH7eV4vBJ9yqWB2POqdu9UpO0jf46lUGI__OE_PkZBH1NvjXRwmU318folfL9SaznmRnPklj70WWdvl_NG_92AQyhVmEbU_3qx_dtHVudtSFwW0Hqwxh00ibXepfCVR5CBCjkDvHuyckR_KnHilU2rzAMyGjzFurWpgdbOXM4vxZMUPXLoQDv5WLToU_Xjve_xNnqjGABbq88A4GH_dTZzoUD8FiCj2EvqcXIdpkBdMVzOQAqaw2AyCzUBmh87hUaeDY4ZhNdeXHu8_P-HVPOsGZVdThhLq_eyCQCZWdvgPaBt06HVRhDiW-vfNXfXMwV1PwZC1MHIIygE-l0dCQGL-whSONz4tYcN81uXQqtIAHSsoSw-h71ScWFox2CU6_0bdRm41SBerecSjOCkKIAacjHv5qQBbeOz8NBTSuamn6K4LlT1AXNr9uo42K4odldYUOwQFDeuagm-Rargh-7X6JGWhnMyljNoZReWSwga-w800w6B5m3rpXx-pU0zIWLO71GfqQ2sz5Aw9EIdK2UGDKYN1l34lzSIepB_-CgrHVt7D7-ZYNr5eUOAZRBF8cOrWIrENwdje1pTHwrKFxzCx3oxUVJCr476-L71CJAaRm-koatj8bPTGiA2R9NoQyVbMBHPmEdFW1hRUrOWDXrTkqfVMSg8-kOMijEGNB1eN_4MeNJFM8-fpusR7oVF1UzhhNxX5bmz5-C0vmWax9f_BAK4j2IfhnnIFTxFHYwyS7b-MOC9ZUXgy7HoWtYSNoAasn4A6OTh-MOLrRTF56YHX7U4s4Kw4_E0wJqkYv9mtwWt-SLAJASF4absakhH4L4BYdllIkRHVf_P3hvw6AiH1vGsPxNSG_in0GUDzc8eL-yi8eexikoKEwvZIWO4bbaxnVsk4ky2fNdnzS-b_xeM6xJEZBfMRT0HmKpWP4Xcng42ETJT1UE_CavCPSihmB3wXA8xVz7KHMBe2PN0zSgUbawCDXQH7dyHQ4O0xVucxcBctBUuz7eSllHDEbolUsmHgko9hymze5F4fQWAFi3TvGwo-MaLgoGU3J-yoIvyOK7YRXWbHS_OY8ymGHvtz6isJxFtMCDbk7pRE7trtEij8gFFgutIljerLYi_-NBfHKipdnw_yGiIHbPKBopNrRDqgX2XhyGj5uqUSiaycjfslvWuSOoi6Bdo7dUnVBMioihMRNEN_k6rqUcKJNLS6WLqvKB5zp64FA-bzX1xre32anAif_I4nKnmigYQ1Rkq2iyOAEQkajZUNZvYb6w4whP30B0UKJsJRKVlnxaouFfYKznSVbCeQENxTChYQOP6xlMpFIbuEed5zMAW9RyD2EBsBvGTyblW9FD8SaJZpti3LB_N6iJxKRv3a8kl5POmHppl_KF_npn8Z1gWS-JoYsHKlqWNS4X5oHhvpC0g12GHokjm4B276bQX2uUaDXlr4JXINSHbF9qgIxDqzb6-8tRSIYG-qH_Gm8P9pyFpSMUPbvb3_zhy3jYZuf3Ewz0pFbLP3ipHeQ3VNtoJlv01Di5Amgct4ctisb2IUdmEw6HssJZRd7f8zvwcM7nd-Tc43dpbChq5p2IgjDRXref32_PT0f0qk_MvuYIRp9DTawI63tK9QE1tMrRsh3g0S3OVsgsMZ4onlY9OTu9J4X6TxAXIKgp4qi4f5-BT77HPzzIiEck1QtIXbo4difUuaI_Km9iSnunV0W7-MZi0CbBGEE9J7O25t7FmiIvgTI7lNOcera5gMaJifyAV9Qj8Nb6DKJLy-p456Y2L5eFVic62mMFJLS475ID86rwQCxjHyYLA7z7ELIvkLGODyFDOy85fZ5wkmEO7_qMfvGs1rHj59yB5BZN857qzkAWtnKb1NkznouBUiyfXwu88Zg4WNGIBq2paU8buhLyGBqSG2ykhPRv97t8tcVFXQP-0pP21dSYUtXyZOESWu8zo9PoRHDBdYqzPk7b370ufqeFzqOtSu7JEzs_0X5CVXZlMsYPXMIPsUchPprmei5ydHC3uzF2K8-HmQJSfQHF3-OM6HO44-OlxIN0MA6cG32VyTVc6ZooNWsQlATSsc90lUzC0TYOKFicnyvNLxNEKdD44BhU7Y-s7J9XfFZHZEmBqhjEWPEN7Pg07vpuaR0gwPmcBmPau-OT8oT0BnVcJY8SMavHevoJTSLm-ghsuzKb_uXy564LmK_nUz56JzkdHbhK21lCkGeVSaG__kwRaaNkXdeXzoyYHYQb5662RNKI7FVPZY73wRPfonsibLC2ef3tXeAecJstSy4sZq__ke6Ty8u79cKXY6lgAOVzzdGqHRKpSvijMts5TdrhZ7fe-M2yk_P57tVU7V0FKt3EiIP5LkCyKYCPRzsWrpVArgDFHXONuOrcVrv6xgZb19kbKlkGdxXwAQEo71MzygcP6Fks1yu-xobyjYiUPrUsivtJM2RjcKXpUB6CJlXPVrvatDGo6tniQO-zW4Kd3R0QOZOqTqo09oEHFLkzRo56S4MlOz7Zqc-UwTFqyc_6bXhSVuGRYM6FBufRykCbiC1utaY34Cu9GZKP2IAoSWEVmArjOyTEPi_V1cWdqL8NVQLOTYAjRVnu7YOR0webBA9988B-wairqT_lUGwvTf3sa7Tte6H234OxC1fE3m_sSkTnFiLZsbsHWzwjVuzw-Q-ksP869rX0TvIxH5dEngefAy5iLB97MYbRG5PYBECkGW7gYpf1ep16ngInOADW7hG0rWxuJfmAGrW_3l7UE_5MNfiGjMz-pD-BTmPYB6FdYvPhkj0NaT3Ld9YMDeypktaHM2N9UULFUz9xfAu3zF1C9d-HoypSnT_pWP8ZtwAes6Ajv_8kp2wavFSjZyLdyReQEWIYMXGZnnEXYGnlXGK-TbOWhpam6Lx5pvPBLNcpSFiT-UFLDEHoOlvFAwykApisQFi-0dmmfHVOfHJA3lJRXFYcE7S_9mlabKk-gRVM5Lj3RTdLfqR8ROJfLdkZDXV5M&cid=CAQSTADICaaNueVN0qy5VjL00h2TeGPwZ430vKqKE14DPdyHKwQDKUIfwPnQjc-gsTIiOxUvFXbpC1BUAvPVfOdgDkvpPsldYxJHbbszH8kYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=2836309949514059000&adk=3062569608&idt=193&cac=0&dtd=35

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

bf8aac16eb63f5518b69756912878423e61ad64416a1506685cdcea57f1a1a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38190
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D16 0
56 B 156ms
156ms Ping
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5475134856425&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D16 0
56 B 153ms
153ms Ping
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5475134856425&version=m202309260101&ct=119&x=1&cor=6769480768756601000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8D16 90 KB
37 KB 102ms
102ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AIgH9eY4sbZPSOaZSDxs_Qow7DmP__oZjhQBnBhj30C1R7VNEutMrIozkYGrSRcGJ1KyWu__wqHkUSxmeavsSDbZ36BKwotDW_6M8JAUwX65tRzPSlcWLQynjly83VMlVqRNSTW69g2XlP-8UMZzG1zcokhozxiFaiGIJBg56pAZ-DVW1mDMurJhRxPC1kqdLiRx01&cry=1&dbm_d=AKAmf-B_9RB9d7UB4G8UhBkY_GsPE9qUWgug5X3AZGhjoWiJa2QZgAQaN2HNtozoVIXV9p39IknPEd6xnsgvNRF62HtYK33w-qZn2GlEABIfgufopIV7n99J7p1HYT42OV4gFgioIet7sybmvIit0dxDzDzLOR72k7_wcHpjs-_4-1quHNu4Uez32Ze_q3Rc4JytsbGXVXtGwtRYGMIWllLXWKrmzoP74BgcG0-dDKOw8dqdRX0qTmlkxA4OnnhLPcqwEKeek97q10_wmo_UwAZu_KOwFgkY9e3onIowNhGFpxmVMjQcfaCqhAO9YfX48X4bDrZaxWgWgBs_yvMVWRoFBv7TQs4pDpOTAye_r6DRuYZzH0kP08z4A02B2vPhaaJdK3r5aiBQ2YSgPICvLwljTVl_qzBflphjb_NA9wmDtd0mxdNltA4G2fb3IRKzCJTebnWDPL4B9_fydYzeBONFQCG6eB7FbK3hCJS7yGQsxfO7CGq6gz1aNDsjmEQZcSUQiLGqRgIKZHwTE5_VQwyLRrkxW86wpL_tZWovIgDuzJ61CKDsYKA6e2zw_EJGr4YJnpXgYvKTuebFdSJhmBBQc27xpIGkgYZtwG_9rYohAyqDS5nKm2M2EQNFlUOiQhnC0W-WYH0Vc-SR89eTwttvW8qWbGUB_v1DOLJXXLfNqWb4TW8JOw5fHmKrLREuiGNKmau5PRJ4qb44Do79lEoUSnSqlSVVdfR-wCs1p-_536S7hXAx4o9MfJ7zxCIapbcLUQreG8bvX9rUlUTnF3rlRYkqA2UC-3W045YMv760L6pUsuY0BrxfBveNERCgI-DrBUDMmz2dZcBQNoqxRuOkD2W-SNLrfSZnqJX7c2Ji7hqaYUSnZoNeue0FjubBRKQ8x8G8b0uteeMrrZIHLvkjIGokfy5I88GDlo00DGwhNZOP8_0noMdCy4AIvmIvjJgaM_nOWedsDs3Oxku5NOE1J3VYl2C710SXGKyBknk-leigfgdDgKi2Q1lYbthtSatvnNrDb7xwfGBrnahkuJUBZAvvQ1RgP9QZnOeI5T9Cu_dMFl3H4U-rLwU1p9yZ2XRYx8YTPaa9nzsqdssROKU8Jt5g8b5dVF5AZMn110mSwQrO90c7CAT_dWxXkTxR2N03DovIvm10uohVMDOjNNf8fXgj19FlQZew8Wb5uWEaywkm15eMrgqIf_PZpUiPTqYKsYw5XOqf2YDy6Dw7Hdq10NUdFY-bnQRRHawvhf17efZ92iRz9OwFihpBnARabLuv9k2rW8vZVJGGCdwBuHwt0lvGhKDx1ghL8vkhlMpHVmwP1YFvvoeKh109WzXOq-THN997kx8ao691GCI5q11s1NqncdU6VvSxlGMqsbQ7S7y52ghfx9g1MAdJfKf7RUPBu1ALt5VEEBp0p68x00BgpTxcz56esMcIg9LkJ4rivFxws-uESL6EPiCXAQ_w3PFrfwn_lsBGKPDhphQpYOV08g9mxEx61j7RQIt5UDjDt7aQoa9n385k4v7OG2wBmpO1gs2PTIaS86M66saKlWbmFAvWPK2fw5fIv6rLsJovJz-zpI2ENrsZ8wTg52ORsKE5Q6tUfRoSdoQ-ZMt-S458v6VDBLJ8tLd-IvWR0Fx-CY4Fb6os-NRQqaaIUO73kn6PSZznZom7lh3hamCjsYbqWsl9iGyrFd5hNfxM-it1y1Y9YYYoRFm2e_Hdv8LmqVBajK-qyBvmKCestfabOkHREqe8lfr95yBYAaZVmmDHriN1UecPhEwlDflTj1uLXDzITf4oXXtKfg6KQv0SISa9Pu-olVyRvFVk8em7cqRHwsU3l5obK_N16WQve-77VDRpClAr6qNGRFYv3EEdX0ThbGR8P75UgPrvcku3su7im0pGvypDG_YOPi9H9vUypWCRz5IdAgNZXz_ChOGif0Mace7IlIZc-FXJcx9b9uFxwchucHTr44Nvic5eHDOZVG0kkwalTVrQ5AYPAU8enAU6yyMR09wqo_nyVKaKEf3Rp5R2GW1GDxXqd7YfaOrgD7cxyxXAv1YOM82wIrku9yMtsA84pNlWOP6BbJxNceZIodA1a_-6dWE12Nd6ei-4PF2PF90ckizUcfwuKveDuVPPbXlHRvo6b8QoHYQlauNHsCPs6DnPx1t9kiM46w1Dz-9-Htflvn2ejOsLZUNVncEnnL4BggfMq04L6KSUmT48S1R67LyUSQklX8hFai-wwNyexlbIQO8Va0-EkFzWHog63GJu8QtTjrmki9w6TXPHQpXjsM6JuXhPCvLPpOTwHgo0YYWuYQsV1i97_RFdim4eeL4dKYN-wMuUgiRen_zK4V8R0pVSEJtuDJMBIH4i8zeUU2FKPDd4ufuUCKriVQZQOt1w6Ss5fCH2OfB3AAjq-mSqAbMySFugrDKdgK5WZ4DP6lg1wpxnn5q8Nntn1mfbPj-aGqwl1TfOe7nahvEw_pwOgebach-K84CU-HzntrhPoVN-5CS8sH3dFab7z9hAxl1ss0tBStuUv_FMAvc8j4zk93vg-N3YwAdqxXty3RvHev7GU60GAndeRZzaS4ZuG9FRVk0HoESCg6pmpzl1xkATBSFeWfazTUhyY3QPzQa7gGaUFgXz2lwRxtLk_fq4QFH3-jzH0hlr5MTNw-fGkgEEiPw3E_krs5Em449Vx_49biQcBVHRqZgsuiRY4n-KFK-UIi_PWK2MXEh2sZOxPBYNfCihKFV7_yqW4g97X73m2wz0WDEBDrdQHeelGaTTrvzvoRoAWloAdSbnAmL4Ix9LXIpPmi-VAY__5m7Rn_A7JzFQn62GR3j-4v7ALnb1_cuvMMj0If-8-PRxLajE_Nu6b9jqvvak6BGrAsyTKMYdn4_E0d8NggZYTDXgTtIW6BXkbFtFCSgRlAawJWDQXN5t9E3F8F3l1A-d7dq0otfJLC2hb5v0OymlzEPCKrXtthqX0jnzp2exXDZ5A4Aj6lB-3y6VB8SiF4PBavH39XdA9pwQcKogrXa6neBoUfunE2pDvfZn6KQcg27vxzajjANrkDpTM1E1dQxVLpWzbiIwYWCuc3Fs3sDPrdfGW7-a5znzMP9qn4419Y6lMbR51jYSPsWpbz_NXed04ZZEBVCG6W9uuDdV0BZqM9ZJQqOKUJH7BkdhRq_YQquYBhFUtGK4wqiHtWfJjviEjB56OvRkXehWmh-wXDop0oCrU82QMyc6XCkJ_wIZZok7sQKNyoCrffOIpN6I2oe-6ec0wAf74x0ZklXEDzr26r6Ooi-sxIit2D033iYJrqNHoig0S9XTT4CvneLd1exn1E3n7zG-6T7Z7ZHQhUVt53JF9WeuyvaTvCGODrpZu3x3n3kpL-nEa3T5dQLYvE7BG2bqNFJM_YTFFeRaZ-7gTTYgKM4ZMwKhn-BVySt9XiXgfXQiE3l-1nHyCZGGp9-L1sXbAjW3mP2G0umt2e9a-iQmHwc9hxdvgmjHs_cRhfYj6-_5sXsmRRaO6zCte037us7lSNuCAzy7EhmmUvGv3aJH8PG9_m3_A74EZ_40qVxaQCJfKUByOGQCfG7ErMbXQcw6yMC-Sdl4bRzfIqDVZsL3uPu__bdMV7Y5fNuSZUSlgFftbjvNsyjOiNQtGF_BsHjU-NLQRhn8z6rwQ9ZrhtsjaNYKX4vNvbFHnIcX1cOuwF66-ICq9R6yEe0jtZAZMDs9AsFrqya-191clUkFMj6ToHgfY3TA-x6ws3Yi4_wL5k2Pki5c0aaUOYDUj_cHmUcTiW8boD4o1l67dRhj3SggBji1SqirHgJeB1X-wPehp3MgFbBU77vR7knq4I13aBhWBjIIBS27Rg3GS72kiUeIdEmYV9rtIX_3zIS5I5qRGzjldUq1lnrugqUnZbCu_PUjj63fSBJQ9f5L3_EOBaxRja6YJnJmw-mZIfoqBJHYPb5gHKQb0ezdkoRh2I9VyKoCzuajGPZMd2d62j0535T7wXbykI8PvZutbLr8JqrfoyZfltPd4tap0g1ODj8wHMFKECzx5E5OWAZadaYJHiMmHE3IL3OFSjXUVoAdghcpy7Xh6i5XgGO64Ro&cid=CAQSTADICaaNueVN0qy5VjL00h2TeGPwZ430vKqKE14DPdyHKwQDKUIfwPnQjc-gsTIiOxUvFXbpC1BUAvPVfOdgDkvpPsldYxJHbbszH8kYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=6769480768756601000&adk=1935140218&idt=238&cac=0&dtd=5

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

0b77582a1da0a18e23cf71b72264c112921aedf0cf8b7c86425d771238b3a210

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38084
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 23C6 0
56 B 149ms
148ms Ping
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4969221338151&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 23C6 0
56 B 155ms
154ms Ping
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4969221338151&version=m202309260101&ct=119&x=1&cor=17670178649012537000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 23C6 91 KB
38 KB 111ms
110ms Script
text/javascript 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D8H7Xjx5IXVqK0lhbyKEnHukijLBxCT6tVnB8r0J-fWD-ApcY1FCIdJkuEP9Mbe5whdXSpaJew0F4HuG3-w7gvJFcQepx881Idi3KG-oPbcntgaPKfFtJp-WMOUwL_nP53PNASnfsAyVPdyJiQCYiRzeiydtSxa40DHTpKoFjaLGpW_hnQfcHUej0hTlsx12nExwNJ&cry=1&dbm_d=AKAmf-CJ9-OESbTAHUDwO3vAS8HOGtjNKq5HSx-Xp9XkOIZjKrveGLFusrZn3_stHYU4YkYG7nv6jp9A88dU0CR65HSBcLiNwSDNjQt0FpjJss38avwqmqHgLymYn5k80pVHAVmVyvHfqhhNMjUQ1qS8eCu8kJ_O6nB4V51pNAxXIDwJOYNNGlMaGqDYvlC2aqPa2436dCrQyrBProOJAYwEOz-ctB43nIKgI5zcPj0ggbfpIbrlXK-Aiu0uqX9v8yEW2qWgns4ljhEnrYgLidD3TWN4xmBPosctt78VZ8dzG5Ea19jWvV7U5IdgiRTOF10zz8jnO7qsM6BNXbRuWZbRwUlLN4020iLsYXRcMz5bqHvuBuD7FbwlK4joyAyvBFlICDsL3fJbq3NYs-tLAmZqF1DEnfqHMHMMzZeHcPi0ikrTW7DWqks2btK9NYn7uhueNbZkS8wFf0KpCB4spaFvuGj1YQS3t3LkXEAEf7jbaY8iXNHHXDNN8km0P0EQ4t5nw4gUC78uuAbPPaT3yqZ8ArhkWLPB3wL-qMH5qeW61iFuLXHwwBUWztEcCqcpePIb3eRnNtmsVEEyA2TatkFC4n5mKiUemFaN576cMX1Y94KEX2WtTo5JJa1fIjnRGGwiWL6kFBrBTSXTSjcYfpKn-FNCxSjEJrwRz98BpbcEMBAKHrIGS9kgSSzAJ3IAruHEGLscWjB180Tgh8MW7OalDrYRZBC9ldAG0VvgOhMLQYta_rQFyJrCiOvFDjeeAbUfP4cwF_im-GQDgns0QTtFfFcghwJqD_1cpBMOMmjareFThAnIwA5IEKwAug8l3GuUAQLIBsbO7Q6-WibpgIy4FVbBK-3cmJXvVdIrfM9_Wy1BOQM_CYsM1hR-RnVpU6XheWZhMrmiF9evK3yGKl4D8IJTwRdLDPvEd1QvqEJnt0upnmVsJEdBWR2M5e2qk_oLtTdtFkDacqEexARYmCfakMQD6tEvcNu5gjovZRutRHt-vsWXp3cdDCh3q4MLAiMOkFCBxpxzmK6WbPFZ7tK8mvlSwqgQhlssJErrqde68lx2CIsOmMbJUWs8ttKbFkhB4dn090MaToGmvd2w2oalJ-zo4CAw7GAe2fH_8wmjwukD54xq_tkqOPbuceafZpdtOEMO9y1P5l3TraVLON8gOFF8t-uO434YDTtJabPimOKnrtaw7JsZWYoIisVqNl_4Vq6xIejLRXJazHDTbChn2CEwkburg2rhzjaay5c4kCbooqlnt8h7bi0imPROVcmne0cdcY29b_mr584MjHA4l5PtKissHDswfdtvnPs3xwTbdiW-xmP_nlO5LsyQi-j8FSGRpJQM6rzpTiW9J97n9UbuxwVzomkNmQFILY4jSbi5RnfoLHbM3-nJZrzzc2tDt16kOB2japY1w7x0H8xU3IiRrkPcFb0eHBlvbZL_FWoaKORMfq8C4s6QaXUN1lA3PSD27ZIkPhF7a_7S13UPq9dToT9ntDHnmfsXcUeBKf7Aam-kHYPI1hsHrG83hDpeRLPOxzI072eulPT0e6MQtcFLY8KBK1UALQTvO2bQNn-NyVrzPbp-HbRmENEF0u-4869SptQUTcZHqxsHdPlFu9aW4rDgSSCrIzKxNNQjTsvsSOPXJ-kVAxg2fdCrFSrHlBJJpipC9KBtxD6SFt0uNO1e3KUpB4qK6Nr_6KYs9Z1Mu2T097AiLYElHPN6o3dH63pDzP_9szyTQjDQb8wfewBFmLEF5ddCcC0QVMKNeuY5f1laCJEpzU1SRK2jFribor5Xr3B7l5Y4KU3FWYT1dlkGrlCXCX9-zwa37CP5K-TqxDsfFUHCJOmrHwRMLbHoEtRstONkJry7jNboOxcma7TaF6OEYUqLtBmwyEF9iTOkGtI7v_DpHWbK6YovLiuNN9UsuOMDOiHxRccImC3OrZIlXZoermUVrnZElr1bltQp7VuZ-9F8miZ0yyMnGLmThdUpQMlgSORtIlqP4aHlwFfXuGarzKaVsHDrHIUQNM2qHVXrwO334-Hte26FsVIOIzF6sZgLxuutCm0kpkrrQhYtfjzfLQLa11Mxoq91VUnL7SRokwfuQ48qteuBYTi-NRrKHdnJsYxdbhD4id2YxG5Wwfnb5FyrnhAlF4BSSG5iwXUHBgbN2_uvkj5zpubkQpRJOKnTvvXbIL8EReuXYEnigoH7D1Tle8xqi-0l5aP7b9wpeLdRHM0cKAu04Hzo65UqXuaKxucXDetsKNbkHzBXqCG2jK6VtKrBEBsDFy0fFYyLz7CxfJOOY7KTQKAhLr9TaE3P1GYHoQKIqUb5Ib6FZZm89F1mVAD0bNvnMAIOvYim-gPCuBfuWTLFEhmbg-JGBgVBZibzTusUfoBJfS9O5WpxQFkoSzC8DKIhJ6hcvBTlX69pmTI-dQYxlU4mDhS99j5-KzacYU8xLzQij6BLP7tZGSWvIDoI20UeRH6LRRtgx3dGLE5nfWQ1DvJBwcvIVsZ-xHBJcgdN458XIVvZI1heWVVYtywNnsCjA9T0c3-uIEzQnrztsE4Ar08g1xzDNkTdyJT6QaPhjKgtLUqkpnhR51KcjXlIdyDAN_V3FEDcNJEiuAaoi_aN6D-uVmcd44VpXGvmQkTdgBd-Wi9kfsRgVKExyzQXHOdkHCpr8BXxIUmM3udf0ikQGK1uuwJSUV_k7fAGw_69ULa4-Gtc00DAi0NfPrrWsH5Ymk3PaHCbOvsIyfEoctAJewCGFxpGWjXxqpzZ1dnBWgr5Ia357SBFwCD_DQtTubm3MuNlT3jXx9Qjg_mjQPMhngC2VwtcR_abglXYsdzsLEIs_ySgexwHxeUSKvwLujqnfVfBR0CtNgW2XEq06_nvRAETmpUfOixWbdQ7TKsMqauakPmTD7_8uogoP00gow9syQ7mZzhaQ2xgKWyEznckWasfZOokbjc-L0kf--GIC3rIpN6w9qGKTn6F1y4LZ0U0s8VgR7D6vhj28WgVGIkmJnh6iqMfMB3nh_47RpzGT21wk2vCEawKqDxGUYKfattlBqQQodaShIr1ZPfbKRdAUqqYCFUt05AQGxrLaVKc88UCe8DAxwXV9Nm6dWilXKW3IPQUogJskadRlbZDkg_2XUkJCQsE_jh0UtgoVDw_uVJ6aoJUA409mv715L7-O6dgVtENo33Y9gAkfbSA7yD-qx-e4FlEObN3Ytc6xgs7vWdmGb5iWwQSe_67mRCFPqUvk3Uw-qgkgmsWFXx8zaxkUf7f-m7Hp1Rv8ArTLvEadgzJnlSij93cUNyY63LMZChJAEA0uNfDbNqnrStK4g5eCAwrdL2YJScYDXCqw8YKpX2R8A1ChJdUA3Iw__yOMUEvA13wKeWmFdBJEJFQok0jPySY_eW5ImFfnu0ljJvVRtptg4Ji9ymRmBcVDn8KUAyRIPe5fAuhGcshk-WA893EG-dnUAk235rPQpjhHuP2ZADTL4hh_8Z4lzv8Kc6kd7dqWKpeRhjsXkTmmyMVjeETNyniExcXaLD0Ky7WN9vPZwahmvdW0amErfI7-q4b9t-ZQwYA3KkIDMf-w7RO4bOy8R0YfvnDFpe-eqfu2XJZKw2j6IOGgwn_GBq6E4XSiq23_QVLSaEX0EH69jfzJlwtFmJxyeCGQWtJiSma9QetWKTHpNLC1nbh_lD9gValJNg2dUafEplW9v1aDYEBto9QW_LhZcyGZroofpZD4LThHI3HcgDLo7hnIjC-mj5EuCkF0Wgb89i3eieIvubWgGYvTR_xBU59RbePNKW7zAWMLLlvgGwl5mThimHdRTshzPhcMCQMHtk258hQHDtmRBxiBuJ6HWGStES6GCI0hw83iZhbcuK5uXDDarbE1a166JEM30hUzOY2MR6iMlyuys8KrNJmMrSrBIkilmj18qIja4u7DHg9uOnE_J7xvZfdfUG_I4XjoBYxhxlu-T-7xtD5HATf4Za6tP8j&cid=CAQSTADICaaNueVN0qy5VjL00h2TeGPwZ430vKqKE14DPdyHKwQDKUIfwPnQjc-gsTIiOxUvFXbpC1BUAvPVfOdgDkvpPsldYxJHbbszH8kYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=17670178649012537000&adk=1405019969&idt=236&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

3bfdb36fb003e8c850a1e48b5c182e6f3d5d711d4ab552a6e2b9b70419d6c5fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38397
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 8D16 111 KB
39 KB 942ms
66ms Script
text/javascript 142.250.184.230

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:03:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38763
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 07:03:24 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 8D16 11 KB
4 KB 47ms
47ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AIgH9eY4sbZPSOaZSDxs_Qow7DmP__oZjhQBnBhj30C1R7VNEutMrIozkYGrSRcGJ1KyWu__wqHkUSxmeavsSDbZ36BKwotDW_6M8JAUwX65tRzPSlcWLQynjly83VMlVqRNSTW69g2XlP-8UMZzG1zcokhozxiFaiGIJBg56pAZ-DVW1mDMurJhRxPC1kqdLiRx01&cry=1&dbm_d=AKAmf-B_9RB9d7UB4G8UhBkY_GsPE9qUWgug5X3AZGhjoWiJa2QZgAQaN2HNtozoVIXV9p39IknPEd6xnsgvNRF62HtYK33w-qZn2GlEABIfgufopIV7n99J7p1HYT42OV4gFgioIet7sybmvIit0dxDzDzLOR72k7_wcHpjs-_4-1quHNu4Uez32Ze_q3Rc4JytsbGXVXtGwtRYGMIWllLXWKrmzoP74BgcG0-dDKOw8dqdRX0qTmlkxA4OnnhLPcqwEKeek97q10_wmo_UwAZu_KOwFgkY9e3onIowNhGFpxmVMjQcfaCqhAO9YfX48X4bDrZaxWgWgBs_yvMVWRoFBv7TQs4pDpOTAye_r6DRuYZzH0kP08z4A02B2vPhaaJdK3r5aiBQ2YSgPICvLwljTVl_qzBflphjb_NA9wmDtd0mxdNltA4G2fb3IRKzCJTebnWDPL4B9_fydYzeBONFQCG6eB7FbK3hCJS7yGQsxfO7CGq6gz1aNDsjmEQZcSUQiLGqRgIKZHwTE5_VQwyLRrkxW86wpL_tZWovIgDuzJ61CKDsYKA6e2zw_EJGr4YJnpXgYvKTuebFdSJhmBBQc27xpIGkgYZtwG_9rYohAyqDS5nKm2M2EQNFlUOiQhnC0W-WYH0Vc-SR89eTwttvW8qWbGUB_v1DOLJXXLfNqWb4TW8JOw5fHmKrLREuiGNKmau5PRJ4qb44Do79lEoUSnSqlSVVdfR-wCs1p-_536S7hXAx4o9MfJ7zxCIapbcLUQreG8bvX9rUlUTnF3rlRYkqA2UC-3W045YMv760L6pUsuY0BrxfBveNERCgI-DrBUDMmz2dZcBQNoqxRuOkD2W-SNLrfSZnqJX7c2Ji7hqaYUSnZoNeue0FjubBRKQ8x8G8b0uteeMrrZIHLvkjIGokfy5I88GDlo00DGwhNZOP8_0noMdCy4AIvmIvjJgaM_nOWedsDs3Oxku5NOE1J3VYl2C710SXGKyBknk-leigfgdDgKi2Q1lYbthtSatvnNrDb7xwfGBrnahkuJUBZAvvQ1RgP9QZnOeI5T9Cu_dMFl3H4U-rLwU1p9yZ2XRYx8YTPaa9nzsqdssROKU8Jt5g8b5dVF5AZMn110mSwQrO90c7CAT_dWxXkTxR2N03DovIvm10uohVMDOjNNf8fXgj19FlQZew8Wb5uWEaywkm15eMrgqIf_PZpUiPTqYKsYw5XOqf2YDy6Dw7Hdq10NUdFY-bnQRRHawvhf17efZ92iRz9OwFihpBnARabLuv9k2rW8vZVJGGCdwBuHwt0lvGhKDx1ghL8vkhlMpHVmwP1YFvvoeKh109WzXOq-THN997kx8ao691GCI5q11s1NqncdU6VvSxlGMqsbQ7S7y52ghfx9g1MAdJfKf7RUPBu1ALt5VEEBp0p68x00BgpTxcz56esMcIg9LkJ4rivFxws-uESL6EPiCXAQ_w3PFrfwn_lsBGKPDhphQpYOV08g9mxEx61j7RQIt5UDjDt7aQoa9n385k4v7OG2wBmpO1gs2PTIaS86M66saKlWbmFAvWPK2fw5fIv6rLsJovJz-zpI2ENrsZ8wTg52ORsKE5Q6tUfRoSdoQ-ZMt-S458v6VDBLJ8tLd-IvWR0Fx-CY4Fb6os-NRQqaaIUO73kn6PSZznZom7lh3hamCjsYbqWsl9iGyrFd5hNfxM-it1y1Y9YYYoRFm2e_Hdv8LmqVBajK-qyBvmKCestfabOkHREqe8lfr95yBYAaZVmmDHriN1UecPhEwlDflTj1uLXDzITf4oXXtKfg6KQv0SISa9Pu-olVyRvFVk8em7cqRHwsU3l5obK_N16WQve-77VDRpClAr6qNGRFYv3EEdX0ThbGR8P75UgPrvcku3su7im0pGvypDG_YOPi9H9vUypWCRz5IdAgNZXz_ChOGif0Mace7IlIZc-FXJcx9b9uFxwchucHTr44Nvic5eHDOZVG0kkwalTVrQ5AYPAU8enAU6yyMR09wqo_nyVKaKEf3Rp5R2GW1GDxXqd7YfaOrgD7cxyxXAv1YOM82wIrku9yMtsA84pNlWOP6BbJxNceZIodA1a_-6dWE12Nd6ei-4PF2PF90ckizUcfwuKveDuVPPbXlHRvo6b8QoHYQlauNHsCPs6DnPx1t9kiM46w1Dz-9-Htflvn2ejOsLZUNVncEnnL4BggfMq04L6KSUmT48S1R67LyUSQklX8hFai-wwNyexlbIQO8Va0-EkFzWHog63GJu8QtTjrmki9w6TXPHQpXjsM6JuXhPCvLPpOTwHgo0YYWuYQsV1i97_RFdim4eeL4dKYN-wMuUgiRen_zK4V8R0pVSEJtuDJMBIH4i8zeUU2FKPDd4ufuUCKriVQZQOt1w6Ss5fCH2OfB3AAjq-mSqAbMySFugrDKdgK5WZ4DP6lg1wpxnn5q8Nntn1mfbPj-aGqwl1TfOe7nahvEw_pwOgebach-K84CU-HzntrhPoVN-5CS8sH3dFab7z9hAxl1ss0tBStuUv_FMAvc8j4zk93vg-N3YwAdqxXty3RvHev7GU60GAndeRZzaS4ZuG9FRVk0HoESCg6pmpzl1xkATBSFeWfazTUhyY3QPzQa7gGaUFgXz2lwRxtLk_fq4QFH3-jzH0hlr5MTNw-fGkgEEiPw3E_krs5Em449Vx_49biQcBVHRqZgsuiRY4n-KFK-UIi_PWK2MXEh2sZOxPBYNfCihKFV7_yqW4g97X73m2wz0WDEBDrdQHeelGaTTrvzvoRoAWloAdSbnAmL4Ix9LXIpPmi-VAY__5m7Rn_A7JzFQn62GR3j-4v7ALnb1_cuvMMj0If-8-PRxLajE_Nu6b9jqvvak6BGrAsyTKMYdn4_E0d8NggZYTDXgTtIW6BXkbFtFCSgRlAawJWDQXN5t9E3F8F3l1A-d7dq0otfJLC2hb5v0OymlzEPCKrXtthqX0jnzp2exXDZ5A4Aj6lB-3y6VB8SiF4PBavH39XdA9pwQcKogrXa6neBoUfunE2pDvfZn6KQcg27vxzajjANrkDpTM1E1dQxVLpWzbiIwYWCuc3Fs3sDPrdfGW7-a5znzMP9qn4419Y6lMbR51jYSPsWpbz_NXed04ZZEBVCG6W9uuDdV0BZqM9ZJQqOKUJH7BkdhRq_YQquYBhFUtGK4wqiHtWfJjviEjB56OvRkXehWmh-wXDop0oCrU82QMyc6XCkJ_wIZZok7sQKNyoCrffOIpN6I2oe-6ec0wAf74x0ZklXEDzr26r6Ooi-sxIit2D033iYJrqNHoig0S9XTT4CvneLd1exn1E3n7zG-6T7Z7ZHQhUVt53JF9WeuyvaTvCGODrpZu3x3n3kpL-nEa3T5dQLYvE7BG2bqNFJM_YTFFeRaZ-7gTTYgKM4ZMwKhn-BVySt9XiXgfXQiE3l-1nHyCZGGp9-L1sXbAjW3mP2G0umt2e9a-iQmHwc9hxdvgmjHs_cRhfYj6-_5sXsmRRaO6zCte037us7lSNuCAzy7EhmmUvGv3aJH8PG9_m3_A74EZ_40qVxaQCJfKUByOGQCfG7ErMbXQcw6yMC-Sdl4bRzfIqDVZsL3uPu__bdMV7Y5fNuSZUSlgFftbjvNsyjOiNQtGF_BsHjU-NLQRhn8z6rwQ9ZrhtsjaNYKX4vNvbFHnIcX1cOuwF66-ICq9R6yEe0jtZAZMDs9AsFrqya-191clUkFMj6ToHgfY3TA-x6ws3Yi4_wL5k2Pki5c0aaUOYDUj_cHmUcTiW8boD4o1l67dRhj3SggBji1SqirHgJeB1X-wPehp3MgFbBU77vR7knq4I13aBhWBjIIBS27Rg3GS72kiUeIdEmYV9rtIX_3zIS5I5qRGzjldUq1lnrugqUnZbCu_PUjj63fSBJQ9f5L3_EOBaxRja6YJnJmw-mZIfoqBJHYPb5gHKQb0ezdkoRh2I9VyKoCzuajGPZMd2d62j0535T7wXbykI8PvZutbLr8JqrfoyZfltPd4tap0g1ODj8wHMFKECzx5E5OWAZadaYJHiMmHE3IL3OFSjXUVoAdghcpy7Xh6i5XgGO64Ro&cid=CAQSTADICaaNueVN0qy5VjL00h2TeGPwZ430vKqKE14DPdyHKwQDKUIfwPnQjc-gsTIiOxUvFXbpC1BUAvPVfOdgDkvpPsldYxJHbbszH8kYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=6769480768756601000&adk=1935140218&idt=238&cac=0&dtd=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:56:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13950
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:56:56 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 8D16 30 KB
11 KB 55ms
55ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:45:14 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 8D16 41 KB
14 KB 59ms
59ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 23:31:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65869
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Oct 2024 23:31:37 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8D16 41 KB
13 KB 78ms
78ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696528163709844;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557462
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 68F7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
159 B

64ms
60ms

Document
text/html

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:27 GMT
expires: Thu, 05 Oct 2023 17:49:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 17:49:27 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 23C6 111 KB
39 KB 846ms
81ms Script
text/javascript 142.250.184.230

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:03:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38763
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 07:03:24 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 23C6 11 KB
4 KB 75ms
74ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D8H7Xjx5IXVqK0lhbyKEnHukijLBxCT6tVnB8r0J-fWD-ApcY1FCIdJkuEP9Mbe5whdXSpaJew0F4HuG3-w7gvJFcQepx881Idi3KG-oPbcntgaPKfFtJp-WMOUwL_nP53PNASnfsAyVPdyJiQCYiRzeiydtSxa40DHTpKoFjaLGpW_hnQfcHUej0hTlsx12nExwNJ&cry=1&dbm_d=AKAmf-CJ9-OESbTAHUDwO3vAS8HOGtjNKq5HSx-Xp9XkOIZjKrveGLFusrZn3_stHYU4YkYG7nv6jp9A88dU0CR65HSBcLiNwSDNjQt0FpjJss38avwqmqHgLymYn5k80pVHAVmVyvHfqhhNMjUQ1qS8eCu8kJ_O6nB4V51pNAxXIDwJOYNNGlMaGqDYvlC2aqPa2436dCrQyrBProOJAYwEOz-ctB43nIKgI5zcPj0ggbfpIbrlXK-Aiu0uqX9v8yEW2qWgns4ljhEnrYgLidD3TWN4xmBPosctt78VZ8dzG5Ea19jWvV7U5IdgiRTOF10zz8jnO7qsM6BNXbRuWZbRwUlLN4020iLsYXRcMz5bqHvuBuD7FbwlK4joyAyvBFlICDsL3fJbq3NYs-tLAmZqF1DEnfqHMHMMzZeHcPi0ikrTW7DWqks2btK9NYn7uhueNbZkS8wFf0KpCB4spaFvuGj1YQS3t3LkXEAEf7jbaY8iXNHHXDNN8km0P0EQ4t5nw4gUC78uuAbPPaT3yqZ8ArhkWLPB3wL-qMH5qeW61iFuLXHwwBUWztEcCqcpePIb3eRnNtmsVEEyA2TatkFC4n5mKiUemFaN576cMX1Y94KEX2WtTo5JJa1fIjnRGGwiWL6kFBrBTSXTSjcYfpKn-FNCxSjEJrwRz98BpbcEMBAKHrIGS9kgSSzAJ3IAruHEGLscWjB180Tgh8MW7OalDrYRZBC9ldAG0VvgOhMLQYta_rQFyJrCiOvFDjeeAbUfP4cwF_im-GQDgns0QTtFfFcghwJqD_1cpBMOMmjareFThAnIwA5IEKwAug8l3GuUAQLIBsbO7Q6-WibpgIy4FVbBK-3cmJXvVdIrfM9_Wy1BOQM_CYsM1hR-RnVpU6XheWZhMrmiF9evK3yGKl4D8IJTwRdLDPvEd1QvqEJnt0upnmVsJEdBWR2M5e2qk_oLtTdtFkDacqEexARYmCfakMQD6tEvcNu5gjovZRutRHt-vsWXp3cdDCh3q4MLAiMOkFCBxpxzmK6WbPFZ7tK8mvlSwqgQhlssJErrqde68lx2CIsOmMbJUWs8ttKbFkhB4dn090MaToGmvd2w2oalJ-zo4CAw7GAe2fH_8wmjwukD54xq_tkqOPbuceafZpdtOEMO9y1P5l3TraVLON8gOFF8t-uO434YDTtJabPimOKnrtaw7JsZWYoIisVqNl_4Vq6xIejLRXJazHDTbChn2CEwkburg2rhzjaay5c4kCbooqlnt8h7bi0imPROVcmne0cdcY29b_mr584MjHA4l5PtKissHDswfdtvnPs3xwTbdiW-xmP_nlO5LsyQi-j8FSGRpJQM6rzpTiW9J97n9UbuxwVzomkNmQFILY4jSbi5RnfoLHbM3-nJZrzzc2tDt16kOB2japY1w7x0H8xU3IiRrkPcFb0eHBlvbZL_FWoaKORMfq8C4s6QaXUN1lA3PSD27ZIkPhF7a_7S13UPq9dToT9ntDHnmfsXcUeBKf7Aam-kHYPI1hsHrG83hDpeRLPOxzI072eulPT0e6MQtcFLY8KBK1UALQTvO2bQNn-NyVrzPbp-HbRmENEF0u-4869SptQUTcZHqxsHdPlFu9aW4rDgSSCrIzKxNNQjTsvsSOPXJ-kVAxg2fdCrFSrHlBJJpipC9KBtxD6SFt0uNO1e3KUpB4qK6Nr_6KYs9Z1Mu2T097AiLYElHPN6o3dH63pDzP_9szyTQjDQb8wfewBFmLEF5ddCcC0QVMKNeuY5f1laCJEpzU1SRK2jFribor5Xr3B7l5Y4KU3FWYT1dlkGrlCXCX9-zwa37CP5K-TqxDsfFUHCJOmrHwRMLbHoEtRstONkJry7jNboOxcma7TaF6OEYUqLtBmwyEF9iTOkGtI7v_DpHWbK6YovLiuNN9UsuOMDOiHxRccImC3OrZIlXZoermUVrnZElr1bltQp7VuZ-9F8miZ0yyMnGLmThdUpQMlgSORtIlqP4aHlwFfXuGarzKaVsHDrHIUQNM2qHVXrwO334-Hte26FsVIOIzF6sZgLxuutCm0kpkrrQhYtfjzfLQLa11Mxoq91VUnL7SRokwfuQ48qteuBYTi-NRrKHdnJsYxdbhD4id2YxG5Wwfnb5FyrnhAlF4BSSG5iwXUHBgbN2_uvkj5zpubkQpRJOKnTvvXbIL8EReuXYEnigoH7D1Tle8xqi-0l5aP7b9wpeLdRHM0cKAu04Hzo65UqXuaKxucXDetsKNbkHzBXqCG2jK6VtKrBEBsDFy0fFYyLz7CxfJOOY7KTQKAhLr9TaE3P1GYHoQKIqUb5Ib6FZZm89F1mVAD0bNvnMAIOvYim-gPCuBfuWTLFEhmbg-JGBgVBZibzTusUfoBJfS9O5WpxQFkoSzC8DKIhJ6hcvBTlX69pmTI-dQYxlU4mDhS99j5-KzacYU8xLzQij6BLP7tZGSWvIDoI20UeRH6LRRtgx3dGLE5nfWQ1DvJBwcvIVsZ-xHBJcgdN458XIVvZI1heWVVYtywNnsCjA9T0c3-uIEzQnrztsE4Ar08g1xzDNkTdyJT6QaPhjKgtLUqkpnhR51KcjXlIdyDAN_V3FEDcNJEiuAaoi_aN6D-uVmcd44VpXGvmQkTdgBd-Wi9kfsRgVKExyzQXHOdkHCpr8BXxIUmM3udf0ikQGK1uuwJSUV_k7fAGw_69ULa4-Gtc00DAi0NfPrrWsH5Ymk3PaHCbOvsIyfEoctAJewCGFxpGWjXxqpzZ1dnBWgr5Ia357SBFwCD_DQtTubm3MuNlT3jXx9Qjg_mjQPMhngC2VwtcR_abglXYsdzsLEIs_ySgexwHxeUSKvwLujqnfVfBR0CtNgW2XEq06_nvRAETmpUfOixWbdQ7TKsMqauakPmTD7_8uogoP00gow9syQ7mZzhaQ2xgKWyEznckWasfZOokbjc-L0kf--GIC3rIpN6w9qGKTn6F1y4LZ0U0s8VgR7D6vhj28WgVGIkmJnh6iqMfMB3nh_47RpzGT21wk2vCEawKqDxGUYKfattlBqQQodaShIr1ZPfbKRdAUqqYCFUt05AQGxrLaVKc88UCe8DAxwXV9Nm6dWilXKW3IPQUogJskadRlbZDkg_2XUkJCQsE_jh0UtgoVDw_uVJ6aoJUA409mv715L7-O6dgVtENo33Y9gAkfbSA7yD-qx-e4FlEObN3Ytc6xgs7vWdmGb5iWwQSe_67mRCFPqUvk3Uw-qgkgmsWFXx8zaxkUf7f-m7Hp1Rv8ArTLvEadgzJnlSij93cUNyY63LMZChJAEA0uNfDbNqnrStK4g5eCAwrdL2YJScYDXCqw8YKpX2R8A1ChJdUA3Iw__yOMUEvA13wKeWmFdBJEJFQok0jPySY_eW5ImFfnu0ljJvVRtptg4Ji9ymRmBcVDn8KUAyRIPe5fAuhGcshk-WA893EG-dnUAk235rPQpjhHuP2ZADTL4hh_8Z4lzv8Kc6kd7dqWKpeRhjsXkTmmyMVjeETNyniExcXaLD0Ky7WN9vPZwahmvdW0amErfI7-q4b9t-ZQwYA3KkIDMf-w7RO4bOy8R0YfvnDFpe-eqfu2XJZKw2j6IOGgwn_GBq6E4XSiq23_QVLSaEX0EH69jfzJlwtFmJxyeCGQWtJiSma9QetWKTHpNLC1nbh_lD9gValJNg2dUafEplW9v1aDYEBto9QW_LhZcyGZroofpZD4LThHI3HcgDLo7hnIjC-mj5EuCkF0Wgb89i3eieIvubWgGYvTR_xBU59RbePNKW7zAWMLLlvgGwl5mThimHdRTshzPhcMCQMHtk258hQHDtmRBxiBuJ6HWGStES6GCI0hw83iZhbcuK5uXDDarbE1a166JEM30hUzOY2MR6iMlyuys8KrNJmMrSrBIkilmj18qIja4u7DHg9uOnE_J7xvZfdfUG_I4XjoBYxhxlu-T-7xtD5HATf4Za6tP8j&cid=CAQSTADICaaNueVN0qy5VjL00h2TeGPwZ430vKqKE14DPdyHKwQDKUIfwPnQjc-gsTIiOxUvFXbpC1BUAvPVfOdgDkvpPsldYxJHbbszH8kYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=17670178649012537000&adk=1405019969&idt=236&cac=0&dtd=9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:56:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13950
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:56:56 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 23C6 30 KB
11 KB 86ms
85ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:45:14 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 23C6 41 KB
13 KB 87ms
86ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557463
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
DATA 200
OK truncated
/ Frame 23C6 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dab2f109ea3bccf07b0deb9daf106a2b845af51897ea0b44de908fd375ea3f72

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 47DC 111 KB
39 KB 778ms
94ms Script
text/javascript 142.250.184.230

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 07:03:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38763
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Oct 2023 07:03:24 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 47DC 11 KB
4 KB 72ms
72ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CWJY0MyJBCF_Vh36PA9yTI9hMNbH1Ao_TLtAxg60-ifF_9_5moAFQmi7-jLFaisUWk2UWEDrrFiCMrnTtrOp9MU03oyRUUdS2zPL8zh7HYEtLQ95cwuDX-HJ2--jIVxGIZEKZYHZPs43N0_zoy3swCbTHEgHeQ5CDD05hqgaP8_QxRKxDJZuiA1ejUHIuPgPa0FOYQ&cry=1&dbm_d=AKAmf-D6kQUThIRZyA6I1bwCcIdseNcjBnEjfFZSyJvd3NvBLC6LpqmH2hQ1Fjsk4lyP3M21nSKEkdmeTNWky-mfldW0GTkDcED0BDu1mVrKpK---sPWfh5WrphzmwwHGG73hQNwNfPOk-9diqKr5VKLl487kU-aJ_kNSp0wFkw2F0MkTbC21qY2EbwgpVhZeQt8QOPSqM3znDPAiUHfnS-JsCRJ-29lQotRzzeaz59Lbjd0X0glodFAVzgu8ES8u3Pj8U8lt-8DBUH21Sjn4yAIqZkYuH1OTLPMLXOAxIA6IAkijucSRyvrb5Im4hNqh33_XyR4jrmGBraObLafDD7hTAty1l50AVdwErm5vFwd_cnoQQH88SnhRXwS__Y_wTdB-_29LgQViNJRADqFvJiz73JStKh2AjT_VLl_bUHOBb1dVd6FE2CSJzdhWaGJLtCEYuBTE_p7xNBrg2Zfq71VjwEsg52wOX5PsBsAQUEA2ySWE_4RUzlU9l3J6ECig5X-mq-r59YWn3VOIYU_WBvqZcwxGc3qPj4xi5BV--OyaHRl7UOjMeFpVPW2Q3Tbn4vNK3AkgMZ3bmCXT9pZeXL1pI-ZLwA9n5u0oBTFiHcaJ5AIi5r0jf97wOkXoR2zbIKuj-imaUWZO8pvVBWh3Kio4NfALHOeXQ48BviooAnMCXH49bWeCp4x-ppWLtc-9FCydLgPVvKE_VFTlpLRaA1s5PuVBFbR5BKOIxs5Loeg5NQmydiFtXq8Qff95g4jOZrlhFDf8LJsLAUyeibrsboCMSB_8CaaEAry1tmA5fvp2vuuMaIHz4WzdKumLocUshjxi70Ek8uIcfJZeY-j02U7ahpgTV0wSrJoOkX5llRUX4J89hGRFrnyn3429AoTRKMrN7iZvHynrilfvOjdWxhXHmblsFXVeNNvfuui8kyi1nsf9igjPf3IG7BJDOGONGNbFYHOOv7pKRmcbixci-8HBtmrVocnDziQ_sL4XbnS-6P1okT7noJOiZ2G0WZdnRIXWy0qxcVBQUZgyPtQCpt5e9ogaamo1A1RBof0sfLBFXzEV8o2e2NcQT6FrRR9BSH7eV4vBJ9yqWB2POqdu9UpO0jf46lUGI__OE_PkZBH1NvjXRwmU318folfL9SaznmRnPklj70WWdvl_NG_92AQyhVmEbU_3qx_dtHVudtSFwW0Hqwxh00ibXepfCVR5CBCjkDvHuyckR_KnHilU2rzAMyGjzFurWpgdbOXM4vxZMUPXLoQDv5WLToU_Xjve_xNnqjGABbq88A4GH_dTZzoUD8FiCj2EvqcXIdpkBdMVzOQAqaw2AyCzUBmh87hUaeDY4ZhNdeXHu8_P-HVPOsGZVdThhLq_eyCQCZWdvgPaBt06HVRhDiW-vfNXfXMwV1PwZC1MHIIygE-l0dCQGL-whSONz4tYcN81uXQqtIAHSsoSw-h71ScWFox2CU6_0bdRm41SBerecSjOCkKIAacjHv5qQBbeOz8NBTSuamn6K4LlT1AXNr9uo42K4odldYUOwQFDeuagm-Rargh-7X6JGWhnMyljNoZReWSwga-w800w6B5m3rpXx-pU0zIWLO71GfqQ2sz5Aw9EIdK2UGDKYN1l34lzSIepB_-CgrHVt7D7-ZYNr5eUOAZRBF8cOrWIrENwdje1pTHwrKFxzCx3oxUVJCr476-L71CJAaRm-koatj8bPTGiA2R9NoQyVbMBHPmEdFW1hRUrOWDXrTkqfVMSg8-kOMijEGNB1eN_4MeNJFM8-fpusR7oVF1UzhhNxX5bmz5-C0vmWax9f_BAK4j2IfhnnIFTxFHYwyS7b-MOC9ZUXgy7HoWtYSNoAasn4A6OTh-MOLrRTF56YHX7U4s4Kw4_E0wJqkYv9mtwWt-SLAJASF4absakhH4L4BYdllIkRHVf_P3hvw6AiH1vGsPxNSG_in0GUDzc8eL-yi8eexikoKEwvZIWO4bbaxnVsk4ky2fNdnzS-b_xeM6xJEZBfMRT0HmKpWP4Xcng42ETJT1UE_CavCPSihmB3wXA8xVz7KHMBe2PN0zSgUbawCDXQH7dyHQ4O0xVucxcBctBUuz7eSllHDEbolUsmHgko9hymze5F4fQWAFi3TvGwo-MaLgoGU3J-yoIvyOK7YRXWbHS_OY8ymGHvtz6isJxFtMCDbk7pRE7trtEij8gFFgutIljerLYi_-NBfHKipdnw_yGiIHbPKBopNrRDqgX2XhyGj5uqUSiaycjfslvWuSOoi6Bdo7dUnVBMioihMRNEN_k6rqUcKJNLS6WLqvKB5zp64FA-bzX1xre32anAif_I4nKnmigYQ1Rkq2iyOAEQkajZUNZvYb6w4whP30B0UKJsJRKVlnxaouFfYKznSVbCeQENxTChYQOP6xlMpFIbuEed5zMAW9RyD2EBsBvGTyblW9FD8SaJZpti3LB_N6iJxKRv3a8kl5POmHppl_KF_npn8Z1gWS-JoYsHKlqWNS4X5oHhvpC0g12GHokjm4B276bQX2uUaDXlr4JXINSHbF9qgIxDqzb6-8tRSIYG-qH_Gm8P9pyFpSMUPbvb3_zhy3jYZuf3Ewz0pFbLP3ipHeQ3VNtoJlv01Di5Amgct4ctisb2IUdmEw6HssJZRd7f8zvwcM7nd-Tc43dpbChq5p2IgjDRXref32_PT0f0qk_MvuYIRp9DTawI63tK9QE1tMrRsh3g0S3OVsgsMZ4onlY9OTu9J4X6TxAXIKgp4qi4f5-BT77HPzzIiEck1QtIXbo4difUuaI_Km9iSnunV0W7-MZi0CbBGEE9J7O25t7FmiIvgTI7lNOcera5gMaJifyAV9Qj8Nb6DKJLy-p456Y2L5eFVic62mMFJLS475ID86rwQCxjHyYLA7z7ELIvkLGODyFDOy85fZ5wkmEO7_qMfvGs1rHj59yB5BZN857qzkAWtnKb1NkznouBUiyfXwu88Zg4WNGIBq2paU8buhLyGBqSG2ykhPRv97t8tcVFXQP-0pP21dSYUtXyZOESWu8zo9PoRHDBdYqzPk7b370ufqeFzqOtSu7JEzs_0X5CVXZlMsYPXMIPsUchPprmei5ydHC3uzF2K8-HmQJSfQHF3-OM6HO44-OlxIN0MA6cG32VyTVc6ZooNWsQlATSsc90lUzC0TYOKFicnyvNLxNEKdD44BhU7Y-s7J9XfFZHZEmBqhjEWPEN7Pg07vpuaR0gwPmcBmPau-OT8oT0BnVcJY8SMavHevoJTSLm-ghsuzKb_uXy564LmK_nUz56JzkdHbhK21lCkGeVSaG__kwRaaNkXdeXzoyYHYQb5662RNKI7FVPZY73wRPfonsibLC2ef3tXeAecJstSy4sZq__ke6Ty8u79cKXY6lgAOVzzdGqHRKpSvijMts5TdrhZ7fe-M2yk_P57tVU7V0FKt3EiIP5LkCyKYCPRzsWrpVArgDFHXONuOrcVrv6xgZb19kbKlkGdxXwAQEo71MzygcP6Fks1yu-xobyjYiUPrUsivtJM2RjcKXpUB6CJlXPVrvatDGo6tniQO-zW4Kd3R0QOZOqTqo09oEHFLkzRo56S4MlOz7Zqc-UwTFqyc_6bXhSVuGRYM6FBufRykCbiC1utaY34Cu9GZKP2IAoSWEVmArjOyTEPi_V1cWdqL8NVQLOTYAjRVnu7YOR0webBA9988B-wairqT_lUGwvTf3sa7Tte6H234OxC1fE3m_sSkTnFiLZsbsHWzwjVuzw-Q-ksP869rX0TvIxH5dEngefAy5iLB97MYbRG5PYBECkGW7gYpf1ep16ngInOADW7hG0rWxuJfmAGrW_3l7UE_5MNfiGjMz-pD-BTmPYB6FdYvPhkj0NaT3Ld9YMDeypktaHM2N9UULFUz9xfAu3zF1C9d-HoypSnT_pWP8ZtwAes6Ajv_8kp2wavFSjZyLdyReQEWIYMXGZnnEXYGnlXGK-TbOWhpam6Lx5pvPBLNcpSFiT-UFLDEHoOlvFAwykApisQFi-0dmmfHVOfHJA3lJRXFYcE7S_9mlabKk-gRVM5Lj3RTdLfqR8ROJfLdkZDXV5M&cid=CAQSTADICaaNueVN0qy5VjL00h2TeGPwZ430vKqKE14DPdyHKwQDKUIfwPnQjc-gsTIiOxUvFXbpC1BUAvPVfOdgDkvpPsldYxJHbbszH8kYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=2836309949514059000&adk=3062569608&idt=193&cac=0&dtd=35

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:56:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13951
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:56:56 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 47DC 30 KB
11 KB 64ms
63ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 19 Oct 2023 13:45:14 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 47DC 41 KB
13 KB 60ms
60ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 557463
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 06:58:24 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1DF4 42 B
174 B 169ms
168ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0vBx4MHpTCKMPHMVp-bV95EPBTKWoI5CXb2vc3UAIqIpSAQ5ppYtS_eNzjirY-JqWpHCoXoVaaxqJ9ova9Lr_ehSdYYxHv6ykwRbW8sqBeR4yhDrSHnG4zBr3gaLkcvf67N4iC_OwjcQ0ZyS-m4YLfsVIxxLGwCzxnCOwkeycGCMxKXQt0_ezwCgyvft6AHL8SkK_AhC6v8WYxAf-_cvnI1mY3PhqxvIgqhAbCi6_X7YSEtHOzFqPDRJANGGvm34ZjZJyIWeGJBMNgUkThocUgokvQIbHX3Qlm2YR8wnkgAMO2MLNe16jrBRUSSrZrts4RkVRwmlNBeQQfgUAqlFajKg16L4RX-XaYBH2Z0iiC9pkloWUB0FjYLVJf-DOh6BcGgqKTylE1w1o-7hkxwGtS2U6Z-x5xUkMl_8Zj3504YQDsxpmSNMahv4oVT0XVWCRKcVRRhG-js3wwYV-CBPrFo7VfoLjjCdbLhPpQYa1otHWhUCdEOZE0ToPf7uyf4TcaOnU74cp0Z91-KZflr_Rl_KGqgrlxabKTtLT1XYCJ1CIewXgZtH4QyKwMuD-Jfj5CV3kDMphxlgqlqEU9wBZgIeF8uLQMKdqW_A4M1FWRe8UHlxNOJRBVGq1DaLhM6Pupvkp6-dh25S4dtpEMpu4HdYtv0WkpQzeSzRGHb1DLqXkTm2MxJDf7Mn5GUW1JsaEIBftC3xzXuRuta1mzNaz77a9v5BMl19u6zrERbImGuluTzpyadb_ysvouEPIif2vSj2sEoPnQfS0eXHS9pYVuLLBllWrL8Vl8kGqaIMpD5aBLhjP6RPb6tALt1uiEFIr7mZu0fCv-1PD6TFOzu8LxspEX1S-NZvHRfPhkzKrJ48XINvXLLYtvvJ_Gbrq8tCdA2aUr6mO0yw_bTtOJCBH0TN6YxdVp9uBuyUC0wHzLDcXXKanOq6mmne2nFyIjv-JGQKEyntkYMWWnsmOhSdxjVg8j_8fb-XmR7kdZ-DD32ZLMKqTEK6tgFMtCDiU3vkrXS17gw16UaYGiWpBPOwvACfwpbmXnzPVfjFFHtsgdwPm_zRbAECBnul-jU6CWjeL_Djh2RLTQ1ALRYXR8K5fcHFucO9BkFFhMpryV6QE61j8iIFKwPmc06BoEfhdQ33Rvswy1CBF0SrgcmiKfOHF6klGwoMyqxnlzctdpVB7ak5q&sai=AMfl-YSdRUbiwoiOqLuO3jWM7RztaHxduyROjLv8Nl6tW0lXHSv1vMx4CVpOEEtMFPBq53-V27kz7y8CF9WTcFX5pZt6uqEhkK9zkvqlEo3JU17oxvqkY1AWd4ccuuvlVDLuS5XnjwjkN6PgV1Du4FZN9uHHStjgbyjbUGY&sig=Cg0ArKJSzOOnaNypAym0EAE&cid=CAQSTADICaaNjbqcxvchw8sOHRVD0NH5sQOG7617lrQ0oQu_fxDLn2Ds_fOmqV5C3FHTsEN38VbspqEH2H2kriKV0pqpoom05BEO_6klTjwYAQ&id=lidar2&mcvt=1170&p=0,0,280,1110&mtos=1170,1170,1170,1170,1170&tos=1170,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2300165494&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696528163527&rpt=2363&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2854 42 B
108 B 164ms
164ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssaWTsLvWk8LOXTdaYi2OJZ1L-7yKHqmwMzJrEhE2dGnxhlSM28bBNYmu9pPFrVc4vnqkRe9NHr2ZnqRe-BpLDtrCDW4Edt4QYOPIusAnqhLH0S2yxYrqN7TxwvxfXNhHa8CXzWs59C-2YZF0ODDlUFioECbM_cnFahTWvIUU9dJ2RNE9kh6sxiDgA_TYdqMckiYVdq9xT5JcPM1SZrcSn2OjJDEupPBJrZ2HDtWSwWj3xQyB9_Gdr_nSHuWDFmGEfKNZgkZK3fPe41kBZZpc35q97HfyGMN23qhWT_G-mM4XQTYwQNXcx6334XggnRfxOBMOGTznDi5-jWXiR8UNPI1G7bq7JbPbvYQEmwX1y_dk-cNcoklqWXI3E0Frp5LgjFc0JmG6cetNc-Co4P414E1dPQtlLUeFS4bhOnq8rCOKejGKHf6Bo0w2IjZQbMbyaLvOvuqIyDyZiTpAwyA42o1ckbnHW5s8VsVzV-ryGvwgoiKUq-y-sy4LfyJSD-CpnUlVrUhohrx1vmZcfbi2vCGpVT0R_DqsBLNj8sL4Kqf4ZAMY-5YyXJs9xCrS-8aP9NU5fCSMRKY1HZe0e-nP1QeDmSs4naCCzPbUlETr13iYh87hfuGeutwg_rkzpP6AJKIsFZB75sh-xHwwDxgoB-U4m2eTQkbW2pw7I5jH0x4ZYrOTppc6JngXBs05uFEFM0z5KwC-hJAn8igkTX_anaB8i81-FqSPgzdRxriMVTCMDzUd5Gg6Z3TpzBtaHMpV43qsDDDi26dP2dkSBctcOeX0MXlA71SJuC5qrMIOygTAV3JN8EqckIb6TscJumebafQs7h9c5ofn_VUvBGHOsoBP0Evq7UuzXkneZOEIIVPRKxThO9_7NM2zKr2BOR5MEO9B4IP3qjcgsVg-tL1JUrFS6vuyJugyfj6hwX0KvI2zZB43X6RhqLNmPUyBQd8Vr2z0gcKsE_hHWgmHysPCn1Zc61IKLhYFe4hejZBXAMYHSj9sjG1bD0M3y7toCT7CMErtoFfvJi_AVoYHDVehqfwm3A68hwN9H7rtm1E4cr2XEqvGEZu8u0A528WtgD-iaZxJs3pLM349sJl-vO0tytMuQOK5q7po6r7ijAfcd_CeHhmOes3uR-8U-pWmyJLA1VeVyIaes00Q9tnEMFvSqCjQSqon0j95nRUcrLsox3REyUdidDPa37brg&sai=AMfl-YQKr-sLWo5Be01G9lTUqVOR1OW-TK-ntRaUPQMGo4Oc9QHjj4E1juaXFrKkwYu6lKdNw6Z6EmV1Gp1h0tIqohFCUiDBd098a4lYls3cQmhWrnrI2OgyowuCnAz7KPFWwjgfyHD_v-z3VNehllXRUI5C2e_mXA23NQ&sig=Cg0ArKJSzMBMfc2Kgg-EEAE&cid=CAQSSwDICaaNdnCDvj5mkvp-DHzB1dq6JABKNYUSKyQxWNHbpt6s77Jrri8oWz3gzSLPO5lm8k7AG1Sj1WBD8COT6WMMfBAkZzmtqXm9oxgB&id=lidar2&mcvt=1176&p=0,0,280,1110&mtos=1176,1176,1176,1176,1176&tos=1176,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3654258318&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696528163538&rpt=2406&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E447 42 B
108 B 158ms
157ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaJeynL5zKi4MUH7WLZkh1yIcoJrealry2caLuSgAlZlCt4oW05l42x7nvDHL5-GjxjhXj4yK1_b7-Aztey6bVg4JaOMK8lpfYncOs_HKAJ-Zwd9ZOLGOiPVcwuDHk7S0-EYhazj_3hLjoUZeCIMLIogv-s8gbp4l92t1QmWQQ5c9zWCbc8gexpZulCUBCtoQzWwy4jOSVHwDLj28W3XwRiFkW3YM629cwYDjq_7oQ2PdhXKkcgR1Z5yKdQ_FhneEWR73GrLF7bgRQw6kBJvCabxNqvvNZeBveLsypQiQfWIAhQ74V76cIR7lFpdgkfm6V6-QgI3W7cnxfQ57rJtDoRe5wVOoZTH7oyY4fNLGh9n9Vh8rq-N4SkI2odlCOSWdM2tmMjJnW2nUzLATyjJvhBFBW_xKb3Cpbk9OSuGIAEf2vVfvmVSiJGVpiCZFbo7OeLdh-uTLbQ8XheOIPDRl_9vUHsVm08cPOsqm8QsEA9ke2cnHpiNTlgNetaUooN_aujFXhsphGPu5Y6Gfs9anZSc0N4LPwstc4RSp-NwrFkvhQXr3YFIckEIhNYH9Ufb6_Nf1btAy-Oq9CittFdcWQcF3pGTLcNSkLT2du2Py3IaYQkSC16SC_t66rtdTTrji-LKc1v9Y1infXGd3_mCHLN3gKr9F84FIlcnEpWZXB3Ab1VRd5ocszdfCp5BVwbV0eRgK96_6jaYJoU6QbNKxZFPovyF8JgTzS9ybBfTJMTG6kKekTUqdsGNctEm2B-_SgHaYI6Qsf-nGSDvk9Za3vgUpsKYs9fjDnU0T2tb_nEBiMAMRKPuiijxLD2zuWpFDBR8kcCmzz7lulWIp3bTYc8KGe26bHS6RWzn37mlGLFtuHZgF3Sm5qT5ksCEDEAvrDp0N-E9f5YJHW7V9zejD_3H4XAxUkjE3ZXoO1c6jgaBZK3tBZ-REx4pjpTwLxfkbtvOvervJwYwvHw8BaWwzgF8Pgdk5qbjzGmx3n5CJE0KBTgXl-ctxI2t0x-owQcikoJ-lU2UKjScesjeiLmYreRfDWiY1rw3DD6lj4TWC7v1M3gFsIL6maUoaD6_nZqTkv_dUWlQBYzTu_oal_3tDYrl2nWrfcJvRs5SvrqWcJmgR2CSphtG7nLDl1uaFwFUeR0OWzittLgIr2UA4Y-g&sai=AMfl-YRBkfapvLpAoV-KdN3zigGf1Hix9PPK97cl-tDwxkKQA4jnijtBKuBThk0uGGlAa0SDIUo7rsFqrPYkYaSaP7K6lxWguVc_2kPHm9DMH6A2vuY4u7JHGObkl-bZOCWpcFjbYQ2nVjMn3UiDr5AjU-FxlWS1H2S0Lg&sig=Cg0ArKJSzIyBG28WMiNQEAE&cid=CAQSSwDICaaNdu9Qk0Fu5CnwmzNbgwgrPXlGhVUodFoPLHUgeWnVC3KWy_jiiVL_Uvs6LVfzv98BIxTLQBXz6A1Xorvy8HGoIGNfnBgSyxgB&id=lidar2&mcvt=1100&p=0,0,280,1110&mtos=0,0,0,1100,1100&tos=0,0,0,1100,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=0.42&if=1&vu=1&app=0&itpl=22&adk=2239653313&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696528163551&rpt=2431&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C56B 38 KB
13 KB 54ms
53ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 61376
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 00:46:31 GMT
expires: Fri, 04 Oct 2024 00:46:31 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E6B6 22 KB
8 KB 67ms
67ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 14395
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3F9F 22 KB
8 KB 60ms
59ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 14395
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 23C6 0
56 B 158ms
157ms Image
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=30&d=1&s=1&f=0.01&bgai=BNFIBJvceZbfbGLqe9u8PzNy6OAAAAAA4AeAEAg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 17:49:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 78E9 22 KB
8 KB 82ms
80ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 14395
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1D60 22 KB
8 KB 92ms
79ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 14395
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame C56B 37 KB
14 KB 43ms
43ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame E6B6 37 KB
14 KB 86ms
73ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame 3F9F 37 KB
14 KB 74ms
74ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame 78E9 37 KB
14 KB 49ms
48ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D60 37 KB
14 KB 56ms
56ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
253 B 113ms
111ms Image
image/gif 216.58.212.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=7.803997879687164

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f174.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HsLF57h_WuzfNlh102-p5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:27 GMT
content-security-policy: script-src 'report-sample' 'nonce-HsLF57h_WuzfNlh102-p5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
518 B 91ms
90ms Image
image/gif 216.58.212.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=3.629039787153701

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f174.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HZo98AUGhDrUDR58P3oDxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 17:49:27 GMT
content-security-policy: script-src 'report-sample' 'nonce-HZo98AUGhDrUDR58P3oDxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET view
googleads4.g.doubleclick.net/pcs/ Frame 8D16 0
0

GET 7042430768889035606
s0.2mdn.net/simgad/ Frame 8D16 0
0

GET index.html
s0.2mdn.net/sadbundle/12162973243351611827/Hilti-Nuron-DE-728x90/ Frame 8D5C 0
0

GET view
googleads4.g.doubleclick.net/pcs/ Frame 23C6 0
0

GET 7042430768889035606
s0.2mdn.net/simgad/ Frame 47DC 0
0

GET view
googleads4.g.doubleclick.net/pcs/ Frame 47DC 0
0

GET
H2 200 17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js Show response
pagead2.googlesyndication.com/bg/ Frame DBD0 37 KB
14 KB 70ms
70ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/17MduF4b-1jBNLlm7tOdf7Y0xxmC-v9YXeZb_9D--DE.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/l1hm14eqg2a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 08:37:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33136
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14692
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 08:37:12 GMT

POST AGSKWxXvdOfCFkywRwDntroW7GmKFLg9WQTVptCxqD0coMz1RYJrGM8jRmNmsS7II9uNpIimIEEW4X-W0c7I3ZJGxewba8WxLgJj_DkT9IzblQOpS0YRbPv_6ag7aCQaPE1hP-irDlIlxQ==
fundingchoicesmessages.google.com/el/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: images.dmca.com
URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766

Domain: certify-js.alexametrics.com
URL: https://certify-js.alexametrics.com/atrk.js

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvvdDJXsoA4yPnlak6oeqDufUQ3vj5zxTS66vTmXK4qb77Pegu4DZCCRYbSDafmFrOUM95pYC4PBG7nS7YgizC9Kl57DyzHiGn8QIJVinhpXw0hp3AXiFVLS4ODL81SO7uPXY3GeqxaDf43lrxj3kKn6eEvSTLs5YpuwJP9OsaALVFx9IgwMTmhAkO17dL_WRtPncQmaPIa4JsjDx-yWh161WGz8Yp28BF2QKoUHsWLqhkWX-wJVWvkedxf1govZxKa72TVX15N8WSBZrTpFnSwbDmAErmCHu9xv8O5bh4z7DvPDbdwtbG_8areXuVQAfRT4l08Vzzev7kwFBuBJyhL3RImBxSmuDnrOaM2E501nmk3LJNWiF-_GP7ECMcWVv_NPTVl8WLURD_Q3oq_MvndDl7mfTq6Ef3a0StAMvR14xrgVZunuSApTTo8nC2_80a5xj7W0XLyP3b1S5VQ_rx8hTbID2e2ykx_IE3GbHKxvjF41viKhmaZQyg6O7zavSZIabyqX172v7rUx9gImwxDuNiN_hCC7Dm-4awxv0WhKdbzx5vn8TwS3OyrmbDw7E7Zg82B3xNFiXDjhnaWMUWDiLZpuQaNFTAfSRWDoG2xzj6jlqnCvpORy9RlPrXnh_k6VQjJHPmaWpuD5HyXwU2su5_YHa6y76x6nuzHBJ3k5a2VNPI17oEc1zAu0wJ9IcL3mekQMLMYsXgoqLZg5LWab4qOxG7eF7b-40VoBnmnqTX_Laxn0qmYx5UAcLpPdXbtaDuMp51QZnFGlQjvg2S42H5GMxY8dVZ-WI4RnHhUZYkbb3S1oZFMc2KholfxT_YadzU12j5iXbZZGzpeWNJvf4of7nxPDm2-U0g8lWpt2meKfuA9eaQ2xrJUCj6NcvF5cPthF4kcpOGzLv9EwiALfXESkVo-LB0UeAHy6_k1MvNfhj3tKnEsIm7ZSMMrGH41I_IRjUXUhfD1Ui1J0OUt8_IOAUB5e8JuHGUgZeN6iAgrVht9iiRLPljS9MufoNiaIIHiitNEtvQm5nM6Lfnsolv7p7f7SDDC_pbNDPTryyUxh3aLE9bzYK7sqGaDfJ81_m0BgGe_2xL0VTVBrqWU5BkDE3uuCjFt9PjZdT2ed47A185LP_ibTxbpBtmwXTHKhII4i1BhhRpH74P7XlBtrp-WyNpHvmAFlkUTgq-MRdKc6gUz-uaybT72QCyzl8YV&sai=AMfl-YR45D6o8XtvsP_ce3dXfr02KXG4MaQl-gp1Cy6jpO35StpYvAKvn0UwS7CKNXOAJhJzb-eCECSIYss0azcwG5FNyCWMei7eDZUcliyoc-vR4Az_8l0nzA9f8Tuce4h5GbHoQTC11VIPaadDROzYr_wl7HNMqKbK_piqCwzgIWUCrw4pAJNay8a24bcdos5wYrlI--z0lhCLNXJjyaRldy2r6BTuve3a9IYU2wgjgMQXwQwjmEUj2Msbggifv1XwmYxD8AEdUqkvxF9qi7CECRI5TEg4-a3mho6T&sig=Cg0ArKJSzCqs7ovScP9NEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1167&cbvp=1&cisv=r20231003.16429&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/simgad/7042430768889035606

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12162973243351611827/Hilti-Nuron-DE-728x90/index.html?ev=01_250

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssn59k403GcXF9C9PWRwKh7WReN3S8oxVlDaRRhjcBe8mit2CzpvepRXUoU3cxIHBC2FqWczkepsP9ynfXn6hbgNivi275D08rTabfG3EXNXueu6ZVb66pVcGqZ1XMqPY79tq2sXC0f_eFYfaL2_1J5fu6eQPXegNdBqifo5mEMgW4fxQ-gar1Uq1wztkXsRF3mod1fcIfkK6w79FcCQ1YIa-ONAaDmFUPrqojDNlFlCj0khUVdrqTSldbNsid-0NRsfW9Pi4429Naf8e02peMjIUdi42xCS89ab0HPMwERZ1CE_3zX5KOzKFATM13vuu5fd55JwCq03palVPXIS4ZRcHQkt9dZ8pH1Ge-kKDveFy6LRyaecpQF47gNYvVzjk3SJku5gyTk9duyVR_Op7YFRZHTlFzO7K56KDGXOyYH3Ys_imdTv_uvquvdz6VpR4XdCSwgOM-VJu-qexhfclgNsVjb4Hz3e-cI8ehERn2ITxOLYEF7yFcFoKlvPTpUrPfkNeP1VYKIFHyZOuy1DjVkZMMcw_eAA_JxMc4bKmAdsZ34RKfkgOadSWhLLSsOrCi8Tf_VFWizC97k1JF44kzsjp5KLFk_FnXCEK2XR3bZGwsuLvH9woQtDZ8ZANb0eHVH1F2U7KJUPRYrSQ9Yrz9qsYahkL1z-aD6hwsZ1dBWTNT7ZlvlVeFFasG3LGJ_wMDeX6ynBW9OsKHTzL0oOMG9UCEFbQaV800HpBTfZ7nRQ6cERhFM1GpCYlj2xq1ZVVu2Lg92u6S0WtNRN2WFzgodfogpah3r9j0BVNN11WxKTi9LxshKT4xutrxkUzJWAFwfKDWNzHLoiacLweCZUEu-9aP9i-628XcwQsE1LXRbmFplZbXq-z_kQp-FYzK7m2ZpknNouvlJET8b8Hh_CT0LseRA5_0XtwUSAth443cEOvTUTp7TDqNZbvkzNwWJGcFsOp7RZ-5Y_Ztr4ev4qJkVHT2M1yOk5XsHIkOEIfFQlgA9Peeubk0TlUMHUyb3GeEMHdarCbiQeQEOdssuayOAIeNehoGD4ddLG1jBJw2P35kaSOhA5-HWKrhaNEZNRms8Cg9_1ygqMGCkd6gWB2M3oWhks2P2JlaHGnOh8Pj-5l0xLr_0mx2Qj7jZw0xk_V1fLTN8rw31COWpnQcj102cjg1gMyT-dd06rw7tyBI08tDhmdAS2h8oOJdKKEGwgaJKnjV7cOCLj9AzFQYo3M5rJLQhJpno6BgMJJrbUxmb7X96mUZIXss5MM2joioNBxQYRes&sai=AMfl-YSNUREX5KfR4ApQC5JfJ24sIWDu27TqlkyMR34arPe6OuYWHEm4uFFJK51bsdcSJyVf7Gt8m8XI8OX9Nnl5gHUmApYP9wJ82sFBE_xPr_KFMw8I5bEoYOXByh3eFkZl8yHL12c6UaO-OF-_ug6jYtdIHwY-5LefzOyOBVsVoiQahQQQVIFEgjeapkg3-Xc0X41umELXp4w-sV8efuaFHY1rX7PuvT8GKr6yPjWWnA3NuZkyatnYtAjn80LXKgqagdc7L9kJ58HxlTl_eMo6DQZOCtVVSQzpJkdw&sig=Cg0ArKJSzHcFPnMez46tEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1122&cbvp=1&cstd=1114&cisv=r20231003.06101&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/simgad/7042430768889035606

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsun3SsTu9vZ5cWJ47hTRBpLiunin75wzIxYIwZZLR7Deomoof1w0odR38WeGvi-JJP7Z4Hk8lnPF7DPsPFr3I2pOFxxCux-KBn3w6vZIILIfLD131Xi0JLadTA2m_miPrhrLypu3ln4OL45Bw8OEOUxE71-RnWtaG3fPd7I70A3LEnItrO-00ztRi_I9gwe5z32EpNnF0tvpMrJ400s6q9MfTOc5jdv22AdyUask5Rol8ubIhvqFTd_fX2RU2_E-d1lZ_qLFlKrDK9XElfThuqWncavVCeyMYufkz0-PBf1H_j3OfWQCiFaY44LNSARkiKAkFU-UJXMSSpnu3uBsbOero2_NOoKE9AdZV7QCEE7YtOLDKREZMI6Ez7KPsTQt_um1eXS8XqqOsI85ZtJl_V9kkk-B9nE7qORZicvuJFau_Z9QQ0ttVbDhC4cmT65j45caQsXMjCsl0vipzLCfPW5wy4Ll7pMYFfNEezyLeuRdyyWsyD4ISqlE1RI23CYfuDRDoQ7G_fk1-2Qis6o189GUaU-TXaSm5zbu7oi9vlXto3OmHi9J0GKlinn5Gac9kPTLfxLTBgisA3jAEoCsdbW9r7-MITT37SR1FNw6FoPPCEC0M4bkfU-wzSeCgAOMuAYGrNyEDfdAzPVrJJ51mr1Zy2AiwsvDy_b4pmQOD3wtswp2iRq0DNTUTw6WnU2nyhh_1-nokZZ64CvaGCm45ns-MhYYtvS1RRvx9vBFgd1J35TSWLvNHyldnSnMY978BTWd6IwNjcy0BH8wjFrch8jOhhkRvyeORBECX5bvlEI-DrjeaJUp2fJ1ijdX9APhES6J8DUWLXdcVo_k8OUW6Mvza1dZZQX4kPQ8PzOreiqbl6OkKk2izqHXL_s-r-d508K2_tWpZ2dbdGl_l8U688ja2i05kHWEitHsDVilo8vjnGxjFOOAbOlfDkW1-cpAVNrLLQDYfYcAtr2h5vHKky6M2IirppKD4fmsl9mBRg6QmaneTjwwMt8vgE3mVakkhMHqpP2HL6LSbccTyJyS9Ro8JkJIAYwHbN38-Pm5M02pN7cKBRA2o0sjFLYl-MX715LcGl04OdHGvTtXcswfAslIFAQ7_pWSZtCIRD6_P7N-VVexNG-wSjPSC2w4gDUuPFwiUifz2rWFu_AM1c1QyfCp9BzHQXdeBe3ut3kxdiQvFs6vwfitCY0Z7JC7JSB0xBR&sai=AMfl-YRvFvdP9sxmlX1BqRao65YogucwGOeBqahHPGOtK2LGbYu5iYYn0ukpBD_kNa-Ljn-zKDesQeV7IGCGa7vcHT6cN70TYuN7lZc3I9_-Dkb5NCV7aZxYw01yYVJQ4IXXuZeaEhGSZy5MX_OcvP3m5GCdlqh7gxtDAo_jqW_9VK86JiaiRVgBzgFr9lpdgKQP5LJ17bouassma5GfNXNq8PqonUQzCLvgBOTfkQb8VIT3fVh8W-L5_V65uEYjwmFO4-k3fCvJ7nX4CFMCzNszb0wdVM3LTeRkOQW4&sig=Cg0ArKJSzNVhE_HZR_0PEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1048&cbvp=1&cisv=r20231003.70015&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Domain: fundingchoicesmessages.google.com
URL: https://fundingchoicesmessages.google.com/el/AGSKWxXvdOfCFkywRwDntroW7GmKFLg9WQTVptCxqD0coMz1RYJrGM8jRmNmsS7II9uNpIimIEEW4X-W0c7I3ZJGxewba8WxLgJj_DkT9IzblQOpS0YRbPv_6ag7aCQaPE1hP-irDlIlxQ==

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.file-upload.org/	1969-12-31 23:59:59	Name: lang Value: german
www.file-upload.org/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Thu Oct 05 2023 19:50:21 GMT+0200 (Central European Summer Time), path=/
.babup.com/	1970-01-21 00:51:28	Name: _ga_3T7TKCZCC9 Value: GS1.1.1696528163.1.0.1696528163.0.0.0
.babup.com/	1970-01-21 00:51:28	Name: _ga Value: GA1.2.1414964779.1696528163
.babup.com/	1970-01-20 15:16:54	Name: _gid Value: GA1.2.746118330.1696528163
.babup.com/	1970-01-20 15:15:28	Name: _gat_gtag_UA_119779859_1 Value: 1
.babup.com/	1970-01-21 00:37:04	Name: __gads Value: ID=3dd1323b11975b29:T=1696528163:RT=1696528163:S=ALNI_MbJ6CP1rqpn2ITH6pxNSwsEqyB_aw
.babup.com/	1970-01-21 00:37:04	Name: __gpi Value: UID=00000c8e591bf41f:T=1696528163:RT=1696528163:S=ALNI_MaZMbxvPFmcgdgutIq514-a38PJmA
.doubleclick.net/	1970-01-21 00:51:28	Name: IDE Value: AHWqTUnO8ICbpxp82Cp0pooQYBLyRvd8BuD2Oj0-wq_GJBSTN9KrjiGDKqnGhJUusHo
.googleadservices.com/	1970-01-20 17:25:04	Name: ar_debug Value: 1
.adnxs.com/	1970-01-20 17:25:04	Name: uuid2 Value: 4091729552234222935
.casalemedia.com/	1970-01-21 00:01:04	Name: CMID Value: ZR73JrtbQoTTcAs7ILqjIAAA
.casalemedia.com/	1970-01-20 17:25:04	Name: CMPS Value: 5147
.casalemedia.com/	1970-01-20 17:25:04	Name: CMPRO Value: 5147
.openx.net/	1970-01-21 00:01:04	Name: i Value: 377ccdca-8188-4ae3-9d34-2284d72b560b\|1696528166
.teads.tv/	1970-01-20 23:59:37	Name: tt_viewer Value: c282ceb8-a152-4d37-b17a-30d16b1a92d5
.adnxs.com/	1970-01-20 17:25:04	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?chQ-8_!]tbPl1M>e)ZlrFUfJ+tGXxomP1E7x=6Tp<E?UDhT%c`_U!=C>Q<9IDcO:]53If)y3KL9D3I?-.>HcaI

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://certify-js.alexametrics.com/atrk.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: https://www.babup.com/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ajax.googleapis.com
beacon.sojern.com
certify-js.alexametrics.com
choices.truste.com
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
images.dmca.com
mts0.google.com
pagead2.googlesyndication.com
partner.googleadservices.com
partners.tremorhub.com
region1.google-analytics.com
s0.2mdn.net
ssl.google-analytics.com
sync.teads.tv
tpc.googlesyndication.com
us-u.openx.net
www.babup.com
www.file-upload.com
www.file-upload.org
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
certify-js.alexametrics.com
fundingchoicesmessages.google.com
googleads4.g.doubleclick.net
images.dmca.com
s0.2mdn.net
www.file-upload.org
104.18.26.193
107.178.244.119
142.250.184.198
142.250.184.230
142.250.184.238
142.250.185.226
142.250.185.227
142.250.185.234
142.250.186.161
142.250.186.36
142.250.186.40
142.250.186.42
142.250.186.46
142.250.186.66
142.250.186.67
142.250.186.72
143.204.215.67
157.240.0.6
172.217.16.194
172.217.18.2
185.102.217.65
185.89.210.20
188.114.97.3
2.16.97.41
216.239.32.36
216.58.206.34
216.58.212.174
3.94.238.177
35.244.159.8
51.15.15.22
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
0a213a51454ef00c2a68aed298d4db735a7d94db231146e754d45f45b47bf23b
0b77582a1da0a18e23cf71b72264c112921aedf0cf8b7c86425d771238b3a210
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cf2686bf360feef8d837bbf2a09a3d120ab608c4c3fd7131131e16ac587f58f
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1319263ba232b2109b366056e3c858b22e6ac63d7d5cc9832492910f9aa7a187
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c3177b2bb09130b3eb00f3ec5cbc0a43c8c2dd90bfccb329359601cab1697b1
1f15cf19275a179aa4acba62e328a392e8fa6a2a7e8ead864f777e9ec8d04bdc
21448bb551c6f10892ac5ae73342be31a13ba6c843354287410e0831b2b7b6d6
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f479c92eb01b7574393452718246ebf933d5b361224381e47f84eb7b911fd99
2f644e3078bf79eca4234d29822caccd852d22c358fb156d7a8bba5e808b668f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3562ab80a46bc06e3f18de5a6f5d344de4f453958f937ec3af6570988b366d60
39959fdb588853d97dd2321280f421cc29d29a8e951fc166e6def2c1dcbdedcb
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3bfdb36fb003e8c850a1e48b5c182e6f3d5d711d4ab552a6e2b9b70419d6c5fe
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4863f6f9934fd6f63d5ee3b4794873d62acdfa2ef15bb6e210d9ff10148e55c7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
59091fd566bf0de940fc240154317384b96eda112c3d1af47b09abbbc7e0d13e
5be2e79c038f3f4d424f23dd8b45b615aba68128d7ad15a44ee40665ae5a6d71
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
70100e7a50e9672276fc11c5cdf4984e9b9846709833f4cc640acfe515c82c46
7245e00c4cc086cea10eb25e4feaaf565bb4544d3859ac8a2fff272b28d1d5ed
729bb9007929a8af5c6f300c99e7c5899043ed1734d39fd6f4e0361b94d1adbc
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
7a9cfefbe46e47d6971a5d4487a2ee0e9812cba5f76668be71ac25ab8d88d6ee
7f8d937ac3c24cd9099dccaeb3e160dba15d6396b7f8ada3ca95f9ef24633aee
81c260caa4dc24d0047e0f030486600681a1780ec3de4aa65836b03bbe140670
84580d510677a58d01a744c560aa2ed563755d8fd20ebb27635ab4699c304ca9
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec
8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7
8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234
8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074
9620d1115881c6600252dbea031c37b8f9f991b6f7b2f413fe43f035d9f81304
98f5f4235a7f7a6f59d29d53bc6003e1f05faeae04e1410c156b8ef2dea8e669
9cdd77196f941f48d6c9ec4b802d650c50c527d83b49733298388667c035d764
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
abaa01f6ba230643ea4adc52a649662bc97f6940f05ca8a9679a4c0200924b63
af0794c409dfdf5967b64064814087d1737eb0de2bff15fe4df3320bcc19b593
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1d6f7a25672e2e1512d97b48e16549a1cd1453627cbc8fe7dba3db4d52c35b8
b7fac5854dc0958803be483b89e9a84ff5005d2e54aeb2bb3fc9996a927d6c11
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
bebe87a990082b3d13b4b7dfcd5fb7395f7efe4be97ed7a4cb844fcf87dba8be
bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63
bf8aac16eb63f5518b69756912878423e61ad64416a1506685cdcea57f1a1a40
c9bb40cefe87d2b65103b30be083f0dc8f963f3c930f230d905b811b6eb82f47
d7b31db85e1bfb58c134b966eed39d7fb634c71982faff585de65bffd0fef831
dab2f109ea3bccf07b0deb9daf106a2b845af51897ea0b44de908fd375ea3f72
dc9c0e5a329e81d0a769c3e284b81454865143af7860093fa4cd00fd87a6d168
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e632c45508bd0ebbf5f44faf96149711ef0a747ddc0af5a57705339b98114c54
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5cb503882073a221bf38cf3f3dad2ac9ac42504f420f7866b625b039541a61d
f7345da29dfcbf2d64a329c5618d2f5f187e7432b21a321ab7923e7068809464
f8f4a12f18b5f1abdb1688d4a75e3b8487b01e7fad0ecc3da3198f8d6d41ec39
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

www.babup.com Open in urlscan Pro 51.15.15.22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

196 Requests

84 %HTTPS

0 %IPv6

23 Domains

34 Subdomains

30 IPs

6 Countries

3034 kBTransfer

8001 kBSize

17 Cookies

31 Outgoing links

Page URL History

Redirected requests

196 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

www.babup.com Open in urlscan Pro
51.15.15.22 Public Scan

Screenshot
Live screenshot

Full Image

196
Requests

84 %
HTTPS

0 %
IPv6

23
Domains

34
Subdomains

30
IPs

6
Countries

3034 kB
Transfer

8001 kB
Size

17
Cookies

196 HTTP transactions
10 data transactions