www.babup.com Open in urlscan Pro
188.114.96.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.file-upload.com/r8hevdwag7m0
Effective URL:
https://www.babup.com/file.php?get=r8hevdwag7m0
Submission: On February 15 via manual (February 15th 2024, 3:31:31 am UTC) from US — Scanned from CH

Summary HTTP 154 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 21 IPs in 6 countries across 19 domains to perform 154 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is www.babup.com.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.

This is the only time www.babup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7 28	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	169.150.247.39 169.150.247.39	60068 (CDN77 _) (CDN77 _)
4	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
2	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
2	142.250.185.136 142.250.185.136	15169 (GOOGLE) (GOOGLE)
2 20	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
2	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
1	216.239.32.36 216.239.32.36	15169 (GOOGLE) (GOOGLE)
13	142.250.181.225 142.250.181.225	15169 (GOOGLE) (GOOGLE)
1	178.250.1.17 178.250.1.17	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	142.250.185.138 142.250.185.138	15169 (GOOGLE) (GOOGLE)
3 5	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.217.18.3 172.217.18.3	15169 (GOOGLE) (GOOGLE)
3	142.250.186.46 142.250.186.46	() ()
1	52.210.186.204 52.210.186.204	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.6 178.250.1.6	() ()
2	178.250.1.15 178.250.1.15	() ()
2	178.250.1.3 178.250.1.3	() ()
154	21

28 188.114.97.3 (Amsterdam, Netherlands) 7 redirects

ASN13335 (CLOUDFLARENET, US)

www.file-upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.file-upload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.150.247.39 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 169-150-247-39.bunnyinfra.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

www.babup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.184.226 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.181.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.17 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.46 (None, )

ASN- ()

mts0.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.186.204 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-186-204.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (None, )

ASN- ()

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.15 (None, )

ASN- ()

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.3 (None, )

ASN- ()

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 158	679 KB
21	file-upload.org www.file-upload.org — Cisco Umbrella Rank: 930236	464 KB
20	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 278	240 KB
7	file-upload.com 7 redirects www.file-upload.com	2 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 696	3 KB
4	criteo.net static.criteo.net Failed imageproxy.eu.criteo.net csm.eu.criteo.net Failed	41 KB
4	babup.com www.babup.com	14 KB
3	google.com mts0.google.com www.google.com Failed fundingchoicesmessages.google.com	106 KB
3	gstatic.com www.gstatic.com fonts.gstatic.com Failed	17 KB
3	google-analytics.com ssl.google-analytics.com Failed www.google-analytics.com — Cisco Umbrella Rank: 45 region1.google-analytics.com — Cisco Umbrella Rank: 2000	21 KB
2	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 7905 rtb.fr3.eu.criteo.com Failed cat.nl3.eu.criteo.com	44 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	152 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 191	90 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 434 fonts.googleapis.com — Cisco Umbrella Rank: 48	31 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 16815	10 KB
1	adsafeprotected.com fw.adsafeprotected.com — Cisco Umbrella Rank: 951 static.adsafeprotected.com Failed	15 KB
0	cloudflare.com Failed cdnjs.cloudflare.com Failed
0	2mdn.net Failed s0.2mdn.net Failed
0	alexametrics.com Failed certify-js.alexametrics.com Failed
154	19

	Domain	Requested by
21	www.file-upload.org	www.file-upload.org www.babup.com
19	pagead2.googlesyndication.com	www.babup.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.file-upload.org
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.file-upload.org
13	tpc.googlesyndication.com	pagead2.googlesyndication.com googleads.g.doubleclick.net www.file-upload.org tpc.googlesyndication.com
7	www.file-upload.com	7 redirects
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	www.babup.com	www.file-upload.org www.babup.com
3	www.gstatic.com	googleads.g.doubleclick.net www.file-upload.org
3	cm.g.doubleclick.net	2 redirects googleads.g.doubleclick.net
2	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
2	imageproxy.eu.criteo.net	ads.eu.criteo.com
2	static.criteo.net	ads.eu.criteo.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.babup.com www.googletagmanager.com
2	connect.facebook.net	www.babup.com
2	images.dmca.com	www.file-upload.org www.babup.com
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	fw.adsafeprotected.com	www.file-upload.org
1	mts0.google.com	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net www.file-upload.org
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	ajax.googleapis.com	www.babup.com
0	static.adsafeprotected.com Failed	fw.adsafeprotected.com
0	fonts.gstatic.com Failed	fonts.googleapis.com
0	csm.eu.criteo.net Failed	ads.eu.criteo.com
0	cdnjs.cloudflare.com Failed	ads.eu.criteo.com
0	www.google.com Failed	tpc.googlesyndication.com
0	rtb.fr3.eu.criteo.com Failed	googleads.g.doubleclick.net
0	s0.2mdn.net Failed	www.file-upload.org
0	ssl.google-analytics.com Failed	www.babup.com
0	certify-js.alexametrics.com Failed	www.babup.com
154	32

This site contains links to these domains. Also see Links.

Domain
www.file-upload.com
www.facebook.com
www.instagram.com
www.youtube.com
file-upload.com
www.file-up.org
www.dmca.com
safeweb.norton.com

Subject Issuer	Validity	Valid
file-upload.org E1	`2024-01-21` - `2024-04-20`	3 months	crt.sh
images.dmca.com R3	`2024-01-22` - `2024-04-21`	3 months	crt.sh
babup.com GTS CA 1P5	`2024-01-07` - `2024-04-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-08` - `2024-05-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-06` - `2024-05-03`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-27` - `2024-03-21`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-15` - `2024-03-10`	3 months	crt.sh

This page contains 24 frames:

Primary Page: https://www.babup.com/file.php?get=r8hevdwag7m0
Frame ID: 0CCDDB2EAD72AE9B8DF7DEB3AED99E11
Requests: 53 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20190131/zrt_lookup_fy2021.html
Frame ID: E398B5721CE906E463F0BE775355109A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1707967889&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16~20&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888501&bpp=6&bdt=4616&idt=805&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7374792170404&frm=20&pv=2&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=827
Frame ID: 06C86D3356E66462783FE56FBE7E287D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774
Frame ID: 52DB891080394BEC6802556DE284B0AA
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776
Frame ID: F1E940758D7C9035BCCA90F97EFD6619
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888582&bpp=1&bdt=4697&idt=782&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=786
Frame ID: 7F1C2A435383BD0BE24685AC7586B80F
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Zc2FkQAGHZ0I9lmrAATMILfHwVG7wDXTLKxgvA&u=%7C3Qaz3zDgbe6aMWW8Q%2FeA10N3WTxDdS%2BpzCC4HGO%2BZ5Q%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqdhoxLfz-cNq3-pxKMVsrD8omUlRR6RplYhTIhsisz7L0uEg1YkYj4oww-4SQDtj4sk9RGZ5ZWLLOFLG-MS2CJcPhnDtEgS5ZfNrtxfKm8E3sHV7QLmCFrL7NuGTZIyv04PyqxWgO-SuKQf0Y0vWU70Duuy1jqWog2oD0ZLuHlrTBSVYNtND48kvwJ2XTMYyWkKs2NQQqQFaCYeoBEeoLdTe5u5wOtgDr-qlXQoAcGvB2Hkl8s0Q2GoMlXpS98CAMohc90bBjKy4SDKfGBTthwE0puICv5ptKZ2tHWV0fOhgWvNys3iqLV6V9uOJMpEbpwK5Co2bq32DXkwjzuSG1X3bw6gMNVitxBDZkUkmLveXZZeGX3XZsQkdj-kF4AcubplyFcMSqdh0qgeGxusZfYeVauqr44bzTs8PZaDGzRSh52G2GOcWa4BBdbUIUXHOaTfl-n2ztcnjHMPyQqX3rfDHeT0tOgpKoleCIIn5ugWB3572QEpPffmdmhFh_b-77rnc0x-cOMYvqxGx8z3IM0uCa8weowV7g-XG0WQ-bPKuGuVv9juioxsGTfY4vV31DvydxsiFMeTZ7I2Ptp_CNFsTm5qnvmH7_bEgmdvaR-vPA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCMKd1kYXNZZ27GKuz2fcPoJiTqATJntKxXIX-l_dwwI23ARABIABg9eW5gZQEggEXY2EtcHViLTkxNzY1MjE4OTgzNDE5MDnIAQmpAt3nzcyUALI-qAMByAMCqgTCAU_QArt7EflIUQ5NJHU-Rl3zH_MFT1pYX5YAFDMY_Lebkq3euH50dgRn9LQBjSrOl8e9SQKkKkMQdrNabixueBrvzHOkzzc0T0ZvGrEYQmhDtYXvkj3-6u3a2mDXYJSuNPCM3riLuxbWE0_R5mKvqvT-HDbSnJQN2Na-aIkJDA3_iMs5DiN_RyWaoBs-tQiw4-IxpzQPsscch7WivMA8zGO9KrkeX6e_7B_VCcTWOBOOd1Fh_7zDJvrWrPnGriEZ1PyCgAajidms2vbIhlCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAgAhIvf3BOljNkdeatKyEA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Bx3UxcSwP5FNIIZnMxqWrkgQKLQ%26client%3Dca-pub-9176521898341909%26adurl%3D
Frame ID: A5E01AC9C17862719BC18BC905C6723A
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhjMtaiCAjAB&v=APEucNXL1xFY-7MWC8exZw2TmxHcDmPwB4NHViMZ3OlQ9vwqtxlv286v8tTMxE-glWmiWODfkckL64eIOGxXtwAeq38ipG3E0w
Frame ID: 2AEBB2FB8888617A02B738A8D5F42836
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 0C1B5DAC51F94546C5BCB4D9B2F68A1A
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CCCEC264F678DAFF4C9F1A866D373B3B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 560333A9BE79062D2D239D25C447D14C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 2DB5B40BFDF0C21AA0BB348654996063
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1707967890&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967890518&bpp=1&bdt=6632&idt=-M&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D27997deff993e187%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MbQSZnZa1H0vMeMx9NFw-2CSy3uZw&gpic=UID%3D00000d58d355ca06%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MZ2o-V2ygmS2gTfD5-5vh0E1_ikjw&eo_id_str=ID%3D80865ea94c088d92%3AT%3D1707967889%3ART%3D1707967889%3AS%3DAA-AfjZA8F-NgW_QhmyFLcjY52fZ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGsnNTCBLwvy_WcCE5Ipp7-Ox0hhaUesgp1JZFGrngUjLXqsQlvT6usQItVnukTsbPzWDf_Qh_dO-GQCiLQ%2CAOrYGskS8OK_tRXsSpiVaXQuncTf9_rsO1Mi5mHPiDftie7P1q7fDJn4zLBm3HS72uILPUHFAFoMO-hZlusrFSUEcrPIwgwB&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=98
Frame ID: 2431A073DC37E7068942A49D094940CF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1707967890&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967890518&bpp=1&bdt=6633&idt=-M&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D27997deff993e187%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MbQSZnZa1H0vMeMx9NFw-2CSy3uZw&gpic=UID%3D00000d58d355ca06%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MZ2o-V2ygmS2gTfD5-5vh0E1_ikjw&eo_id_str=ID%3D80865ea94c088d92%3AT%3D1707967889%3ART%3D1707967889%3AS%3DAA-AfjZA8F-NgW_QhmyFLcjY52fZ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGsnNTCBLwvy_WcCE5Ipp7-Ox0hhaUesgp1JZFGrngUjLXqsQlvT6usQItVnukTsbPzWDf_Qh_dO-GQCiLQ%2CAOrYGskS8OK_tRXsSpiVaXQuncTf9_rsO1Mi5mHPiDftie7P1q7fDJn4zLBm3HS72uILPUHFAFoMO-hZlusrFSUEcrPIwgwB&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=103
Frame ID: 84D45F44AAB952D2D79AF4A77838EE4A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: A7077D06E36FC05702407CB000E42772
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: E783D3C18D111FBDB628DE44D93E6450
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: F5A448DC11BAB0268A76A32B96FEFA1F
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 48705CDBEFCEA3C20D71141ABA9DA7D5
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 49DF7203C32642D2334031D60E5502F8
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Frame ID: 9D8BDA346E626DC2C1239E5CD0EBFB20
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYkJqDggIwAQ&v=APEucNUpOl-WWi07KwYDyE_USpuepAdxxyhNVk8K9XlsKrPLoBkkPEihjIAO03huAkNPM8nFKi-zNq-hjJMV2Id4vFAhdxqyvA
Frame ID: 5F591D6C518550E784D000954CBF1555
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYkJqDggIwAQ&v=APEucNX65eVWoUvDFXhyJaposzOSmBTonIRGO0naxvLnXUS7goP4PvSyhtlY0l2tngCQSJxiEOtgO6pU8rePGS-TqVxGSvw6BA
Frame ID: 120ECC8C1CBA55D6ADFA40605B15E5BE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKiEfhDNoqSDAxjI-6eHAjAB&v=APEucNV92i7tTk1i19-HhXoFllYBk01SnXc3Eb7fZ9EbfurtRM_K-T4evMkkp38pC_pUAPGjUYiJw6Ypeqf9UXimusDtwwSOvg
Frame ID: 9B95798AA4D75B612D47D4749D3CD246
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 45F266DF5A3B72EE9297E7A6C5ABBE39
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

https://www.file-upload.com/r8hevdwag7m0 HTTP 301
https://www.file-upload.org/r8hevdwag7m0 Page URL
https://www.babup.com/file.php?get=r8hevdwag7m0 Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

154
Requests

60 %
HTTPS

0 %
IPv6

19
Domains

32
Subdomains

21
IPs

6
Countries

1923 kB
Transfer

5482 kB
Size

13
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.file-upload.com/?op=payment_proof
Title: Proof of Payments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fileuploadcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/file_upload/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSbk9gxKeQnawO7cZ0hZPJQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/make-money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=register
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=forgot_pass
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/desktop.html
Title: Desktop Uploader

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=english
Title: English

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=arabic
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=payments
Title: Premium Download

Search URL Search Domain Scan URL

URL: https://file-upload.com/r8hevdwag7m0
Title: Free Download

Search URL Search Domain Scan URL

URL: https://www.file-up.org/?op=register
Title: Sign up now

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/child-exploitation.html
Title: Child Abuse Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/copyright.html
Title: Copyright Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/adv.html
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/dmca.html
Title: DMCA

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/reseller.html
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/refund.html
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/banners.html
Title: Banners

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=ff6622a1-89c3-492e-8fab-02994910b766&refurl=https://www.file-upload.com/vsd4gox6iv4l

Search URL Search Domain Scan URL

URL: https://safeweb.norton.com/report/show?url=www.file-upload.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.file-upload.com/r8hevdwag7m0 HTTP 301
https://www.file-upload.org/r8hevdwag7m0 Page URL
https://www.babup.com/file.php?get=r8hevdwag7m0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.file-upload.com/r8hevdwag7m0 HTTP 301
https://www.file-upload.org/r8hevdwag7m0

Request Chain 15

https://www.file-upload.com/mngez/css/app.css?v=1 HTTP 301
https://www.file-upload.org/mngez/css/app.css?v=1

Request Chain 16

https://www.file-upload.com/assets/images/logo_new.png HTTP 301
https://www.file-upload.org/assets/images/logo_new.png

Request Chain 18

https://www.file-upload.com/mngez/images/anti1.png HTTP 301
https://www.file-upload.org/mngez/images/anti1.png

Request Chain 19

https://www.file-upload.com/mngez/images/anti2.png HTTP 301
https://www.file-upload.org/mngez/images/anti2.png

Request Chain 21

https://www.file-upload.com/assets/images/norton.png HTTP 301
https://www.file-upload.org/assets/images/norton.png

Request Chain 29

https://www.file-upload.com/mngez/js/app.js?v=20 HTTP 301
https://www.file-upload.org/mngez/js/app.js?v=20

Request Chain 64

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1&C=1

Request Chain 65

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zc2FkbmqPcEAABOtAJ5q6gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1

154 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

r8hevdwag7m0 Show response
www.file-upload.org/
Redirect Chain

https://www.file-upload.com/r8hevdwag7m0
https://www.file-upload.org/r8hevdwag7m0

27 KB
7 KB

856ms
115ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/r8hevdwag7m0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83c2c2e800e5e666e06c5e5c846898634bc001c83ef57502b9a811c24d59b9b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 855a7a3688400c89-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 15 Feb 2024 03:31:20 GMT
expires: Wed, 14 Feb 2024 03:31:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcmVdwKu3Hb4rSWG0rEib0exwC2i%2BzV4GqSQ%2BX0fNNmtZyRCynwazJtmXQqASCIPCmXdCeUyQVaetD4i7Q7z5mnTXP7TqvPVLEz298EukJPFV4ZnLQjheiMbifhFB3geyFEIfGgE"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 855a7a306fad6676-AMS
content-type: text/html
date: Thu, 15 Feb 2024 03:31:19 GMT
location: https://www.file-upload.org/r8hevdwag7m0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMCcNnEmVLwXDOYtBDbQTaC2SnIFpWVetXe7j765%2FRUMEqoqdK%2B4NgyxIfrvUaPeLCuyL1X1Sz3IuKsoZcTVmzahJo9LkPvxXSNQYpCz46%2BllKVU0bPcyVQBOm0sd8fOxspCKgiI"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 554ms
552ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:20 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2567593
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIJq%2BgjFca560aSe4LiTfnACsmj3VVtbRKQZT%2BEQ0%2FGBvnt0lV8OkTjWtxhyQnxqck8eGRw8at9QsyDKARWueR%2FikJ2spuL5nYkMmUDofS6uBTKlECZbNFNUWVggkoCig%2BFcphWy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 855a7a37485a0c89-AMS
expires: Wed, 17 Jan 2024 10:18:07 GMT

GET
H2 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 1426ms
1424ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:20 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qrBYeuZ3opNJ0NbttBBSu%2Bt3QjSKbEIARIv2bf0i%2BxR2Zr%2F7CjTCNGmQQj1HaORCuHs8%2BE%2Fy%2FdbpTlPEoPIfimUOMHq3oebrHUzp3m90jGBV9ZoWPhm8aLS3cuL34c3vbSQQsynE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 855a7a37485b0c89-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 362ms
362ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1818359
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhTlVa0%2B1saQNPCEiYzOISPm6LplQJ4lukOSU5LXwplNdJAcCVXWojTno%2FYFDuK3z7%2FWDnkPJRpwkQc5FGj4UBiNPCfutp00azX61h0mzUfDT1gZPt%2F3f2wRKfpOWtzC6CqIlyoq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a37485c0c89-AMS
expires: Thu, 01 Feb 2024 02:25:21 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 273ms
272ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Feb 2024 17:53:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65c66685-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fg%2BRb7b5r5yTQIUM%2B2%2BPwxyMw8JRP2YkSGPU%2BjWaSb6yD%2BXEfKlbRtkmQdv%2Botn7jvuOcxmX2W%2BGS23xU8BbcKJzOXwGYxcTfXfXxfsoZKI1TXjQipxuv3Dj8xyCQ2lolTrR2sM4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 855a7a37485d0c89-AMS
expires: Sat, 17 Feb 2024 03:31:20 GMT

GET
H2 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 1245ms
1242ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5278660
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DP0v2htL8E%2BTiciNvWl42g7txnNOHcKanDOpqobqXP7LPD0Ihh7BdYgMVqj%2BuGvsIK2NpWFc0QaDyiwbBmjgKYdLEHHy03AsSf4owNxJUvJXhe3CXJuHq%2BAIcgQrZxWQ6i9mbdfv"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a3908750c89-AMS
expires: Sat, 23 Dec 2023 01:13:41 GMT

GET
H2 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
1 KB 1094ms
1094ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1434315
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vwaLx%2FAykPWApTGFoY5O1krtdmu8iqVJ48dEkgrUl3o7xIdrHk7IGrm8uZAqtb9Hx1c5LTnVScXZ1MwtDgvxnCkUOT3rwrvmCqLkxlLL3HiQHThDEu0OdYUuRi7Qi8jMFaU2nQZ%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a39f8870c89-AMS
expires: Mon, 05 Feb 2024 13:06:06 GMT

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 1090ms
348ms Image
image/png 169.150.247.39
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-39.bunnyinfra.net
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:23 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 13519771325648d03d70a82ca8646d12
accept-ranges: bytes
cdn-requestcountrycode: CH
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 65ms
65ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1434316
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TJQRv81YWl0zm81vYNbUrxZKcSYwqxCuWKchj04FAWWiM4IYRvBDQJCM1%2Fmbcm1REUyi9AYaW2TV3KziI%2Bxj8k%2FfxOPWf5LoWvk9jtjihcJPDXCBb7qkluoquj8Z%2BB78AtXYgWvR"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a40d8f50c89-AMS
expires: Mon, 05 Feb 2024 13:06:06 GMT

GET
H2 200 Primary Request file.php Show response
www.babup.com/ 23 KB
7 KB 1481ms
433ms Document
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: dbce81774e43c585243fa5f01bb8ad3603759e627ace5a638a13a4b1597f2201

Request headers

Referer: https://www.file-upload.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 855a7a47c99eb987-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 15 Feb 2024 03:31:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThlX5wHMe4x4FJrodR7459RM5lJO9pTgI9SkpkyFT%2F00YaYoQzTJB0dlX5KAVdxg7h%2BgeZRAPBN5Ql4XeSlPgcR0TC5kiisP2mYlFVk3dUmIwROKkCQDwIWVqgoQ2X5s"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.2.34

GET
H2 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 248ms
248ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:22 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4134483
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TS7grqPPS3u2sE%2BPcbx%2ByPSKhEmyX2eBzbacCe3hEwok%2FbM2nCOk8YAJRAfmYeHnnQAqyIMUdEzBmh05OJDW6yVaDka04WSOI6KOVvFAZyaZHnDMBvOPRvwCya27KxzCwBvxhPgC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a4128fc0c89-AMS
expires: Fri, 05 Jan 2024 07:03:19 GMT

GET
H2 200 fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0 1376ms
1376ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:22 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5194
etag: "12d68-5fe4d56c8e4d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lAy4A2IjAZ6OHwwyCz73pvRXSMF2FDYZ2p7aNZDiWVi%2Fssfh35zipGcXIBWXMWTYQiXakMunn0PY8tTEonGSAcmHYFge2Vig%2FM4OEKiFOae9075i2gnEvztZSw40WcEF5mFzx5k"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 855a7a4158ff0c89-AMS
alt-svc: h3=":443"; ma=86400
content-length: 77160

GET
H2 200 poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 863ms
863ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:22 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5194
etag: "1ee0-5fe4d56c8f861"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYptxViBqwckTfcLrx%2BZAjFtMlkZRwvoTmp6nwObyYVEpbLSeU0aFblC9S0Vunsmjh2kZahX2xtjRMmPfgRh34Fweo9%2BtHgmHmDOqXN3ybOk2Z7dcra2HWX7BZGDwnKluxHYJdwi"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 855a7a4159000c89-AMS
alt-svc: h3=":443"; ma=86400
content-length: 7904

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 0
0

GET
H2

200

app.css
www.file-upload.org/mngez/css/
Redirect Chain

https://www.file-upload.com/mngez/css/app.css?v=1
https://www.file-upload.org/mngez/css/app.css?v=1

247 KB
41 KB

86ms
85ms

Stylesheet
text/css

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2567597
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZoHESIPld4ookzCaLt8Ep3bPo6%2BcdxulbSxO9zogrxGmhV0cK4KLjUlh%2FZ6j9EUMQrRJZ7TTEm8ClBAATkIbF6kBTMPJ5sRXNDNbTHSkJ8qsLfDI3ayzcZIsXmKt1I34Y6jJvKsv"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 855a7a4b89720c89-AMS
expires: Wed, 17 Jan 2024 10:18:07 GMT

Redirect headers

date: Thu, 15 Feb 2024 03:31:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1065
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T50VI7onizfM4lxYKxn%2BqxvTKeRRVxbzIoFZraXzmp9J7Sr%2Bwm2m3WTSKHoXl0pIXXwy5GJmxyR1kVAnGWcFu4tlZLTLnypG2sPIOtQJFxmQzNdxQWjgnVjCWZ0WwjPZ9mbLPTQs"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/css/app.css?v=1
cache-control: max-age=31536000
cf-ray: 855a7a4a7a1b6676-AMS
alt-svc: h3=":443"; ma=86400

GET
H2

200

logo_new.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/logo_new.png
https://www.file-upload.org/assets/images/logo_new.png

3 KB
4 KB

276ms
276ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1818363
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2BARr%2FL%2FKjj2t%2BImHcU17bWjv39LhwgMlTq2fk43koDU2wVtUIqpU2LqzmMvgV4Y9tetEDqpKQUxeuYFVvn%2FI7mHoW8FBxyd0HasEFL5D%2FtltvTytpNeowaC6kBJDqagiZdpoMR5"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a4ba9770c89-AMS
expires: Thu, 01 Feb 2024 02:25:21 GMT

Redirect headers

date: Thu, 15 Feb 2024 03:31:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1065
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sP68MEVgHR%2B8CaEWBET2beaaTxs9sAipm0BcAgRYi1CEWL04jeunGq3K%2BxYUSe5LcsIJuMbjuKTri4b%2FQ%2B3gJwP3adJKPBZdJ4gaz3XSdd3%2FG17ggfWKnK5Hs84lxfRnwxE8pa6s"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/logo_new.png
cache-control: max-age=31536000
cf-ray: 855a7a4a9a316676-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 email-decode.min.js Show response
www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 183ms
181ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/file.php?get=r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Feb 2024 17:53:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65c66685-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXV3XBS%2FeC2uroZlV%2FcvZzuLbje72imJprjoJcMeEBA2Ype932W%2B%2Fu8eCID5Iim9VzyLhKOU2tnF1Sr3Bef%2BnmReIRJFDbo1VwyV3kPjdls4wIaGYQMg0npjJ8alpVdY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 855a7a4a7b6cb987-AMS
expires: Sat, 17 Feb 2024 03:31:23 GMT

GET
H2

200

anti1.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti1.png
https://www.file-upload.org/mngez/images/anti1.png

19 KB
19 KB

219ms
218ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5278663
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSWOoYpDjjsbPGyqENF0w2m2jLeXpNoQbGyOJyjttvLyJmZRTRrIWYnG%2BuOQthFRhX0WpQNU7a69Tj2m9RmKykTRxfTRM5cmd0xdjjBuAUoix%2BYRdHnxafpx2grVCM3lOcMPrVNO"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a4c097b0c89-AMS
expires: Sat, 23 Dec 2023 01:13:41 GMT

Redirect headers

date: Thu, 15 Feb 2024 03:31:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1065
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ti%2FnyNyh8O20DlV0A4QYzlPXVq1cHkzJ7rckSxKPmN9JCsZDcEhiadAufDZKC39ShJv6WMOU7zbZ82pqknFJt6dWTnMxgm5ZT%2FTbq0KPT9q39N%2Fuw3sQSL681ouzFzoLkyf8fc7"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti1.png
cache-control: max-age=31536000
cf-ray: 855a7a4a9a326676-AMS
alt-svc: h3=":443"; ma=86400

GET
H2

200

anti2.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti2.png
https://www.file-upload.org/mngez/images/anti2.png

641 B
1017 B

153ms
143ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1434318
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vLeujC8IbMErC6qV6dNNV3zO4YYmoiWl8Jt%2BkZGoftlD0PQcmC83O76kT%2FZh7c9xDyn%2FF0z9cDN%2F%2F7fRPS1cLZATCLvE%2FzDd9n7oGngKVBIKTVvEdoNtV7VFqZgQXN9tJkLJyF%2F4"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a4c79800c89-AMS
expires: Mon, 05 Feb 2024 13:06:06 GMT

Redirect headers

date: Thu, 15 Feb 2024 03:31:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1065
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FZV3eKDEFELhBM4802rO2ZydiRyPycHRysAEpWDtnAwdY8M5d6Wtt6Iu9Uom4zMAQ69I9CMyLD%2Beo7y0cMs%2Fubx7w0k8Xzs%2F%2FpZbQySAQYFwXIs1waewQupvs5GqwG%2BZaYBVFMKu"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti2.png
cache-control: max-age=31536000
cf-ray: 855a7a4a9a336676-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 143ms
142ms Image
image/png 169.150.247.39
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-39.bunnyinfra.net
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash: 0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 7339827cf30e10c91001bf7fda669a53
accept-ranges: bytes
cdn-requestcountrycode: CH
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2

200

norton.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/norton.png
https://www.file-upload.org/assets/images/norton.png

5 KB
5 KB

121ms
119ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1434318
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4X5fuXLVs2nZ4tEv%2BM4FlEzcy4dPI8d32GvcxXWQdKikl8yUW4un4w3TnGjGWVshslj8SeeyUuaFwrKf%2BjPfkjwLXVNGMH%2F%2BHh%2FpftOFpy5Xv1ZC9ThZAF8PNxHv%2BAr6pw79EaW9"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a4cb9850c89-AMS
expires: Mon, 05 Feb 2024 13:06:06 GMT

Redirect headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1066
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p8p8Zl074JKEcy3s08Y1x6I8Qck7AAHsbDSOpjD94aBkO8wSFsYkVRP8CHmUHXbkmyCv8Bv%2FXlzGxaHdJjc7kB6%2Fm5bRvKH41fejPVKPsNgrFnSm45Fu85qpeDN9eUkbBk3uTwgD"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/norton.png
cache-control: max-age=31536000
cf-ray: 855a7a4beb0e6676-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 rocket-loader.min.js Show response
www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 57ms
57ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/file.php?get=r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Feb 2024 17:53:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65c66685-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHuj6%2BmpjlhRCj2j5DLx8j%2FgvkdY0sodfX4J9NIfTx9zlKtq6CLnKsg0wd8D%2FNMBRGAbjHvjzHmB6robnsNJ7xXVRF%2BMfj2rxS0wJczWmBNm2WCUFicJ%2BlBf1SIdfDg4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 855a7a4cbcccb987-AMS
expires: Sat, 17 Feb 2024 03:31:24 GMT

GET
H2 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 58ms
57ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4134485
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E22gOz27WcMuqDTRmb2h0Wr9kl0KsPOro0bszQIQxusoG4TREik7Nc3U8SPrNYuy7CVZqg7VJlrcThOiaplWbb7NXO27rIP7Il5l%2B3CZBf4Nr8mrOBMRUTZHnvf5j2%2BGSEYn32sC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a4d89910c89-AMS
expires: Fri, 05 Jan 2024 07:03:19 GMT

GET fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 791ms
88ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

c315c0592e1929436d79804eb58e709339c72e49ad30906d6393a49a542ca99e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51375
x-xss-protection: 0
server: cafe
etag: 6521526295665596807
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Thu, 15 Feb 2024 03:31:25 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 798ms
96ms Script
text/javascript 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:49:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 153696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:49:49 GMT

GET
H2

200

app.js Show response
www.file-upload.org/mngez/js/
Redirect Chain

https://www.file-upload.com/mngez/js/app.js?v=20
https://www.file-upload.org/mngez/js/app.js?v=20

235 KB
80 KB

88ms
88ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=r8hevdwag7m0
Protocol: H2
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o93v6w%2B5roTglfVrYB4nc35BhsYZ2%2Fm2wykxCThxEuDNoGxItGcHw%2FmU%2BRg6PI1gcSVt9eDwTPwxvrqvZbunpm%2FZczx0yzu%2BbvoR%2BPQDyMeJaPbdAQHxul6HLcIFBUzxpxk%2FNOw5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 855a7a4f69c40c89-AMS
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 15 Feb 2024 03:31:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 656
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CY7VZ45p6uOaElwXMObMX5na8ra9smIa48RT7%2BOMcwwuIMJCazojQWd9sVXAvtMT7B45ES7dGG9dLfiyI%2BSEuFd3rEDrs3FIIWtHdA333789eS1txsKwe1wF0CjHIhTM3WA1PF3"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/js/app.js?v=20
cache-control: max-age=31536000
cf-ray: 855a7a4def276722-AMS
alt-svc: h3=":443"; ma=86400

GET atrk.js
certify-js.alexametrics.com/ 0
0

GET ga.js
ssl.google-analytics.com/ 0
0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 795ms
101ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

8bd60dede8af26a955a783c43219156e6121feac7cef6497ed9901fde83ab733

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Feb 2024 03:31:25 GMT
content-md5: VdJoLdU4yq1b+AppkkMF9Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: XtSNPZlNVSVlvspo5V+yW+nZpk7BZAlLpNu4c6m4hekCHH8Hyg+BMQm1RJllIaLyE15vTuH08PU9k0fpea13FA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 772a12abdb2663801812b5650647a9fa
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "f5dc5e02793d6fd814996fcf290e23fd"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 15 Feb 2024 03:37:46 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 298 KB
87 KB 764ms
92ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

0312337a82eb1a7fb5f775ad953b4e3b91ebcc539fd781230a3802e9c71cc983

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Feb 2024 03:31:25 GMT
content-md5: rnD3UWANGnF99aKNBoPfGg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87208
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: X7rrZ0Xi8RWTYQ+u37MkVDuw1byIhu8BBvAe/hJwJDhAkARUUfyfxj6DnyHHaZ9da5PFnXrcQ2Y3m8b3rdlMEQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: f38542621e24504601ab7a8694353666
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "a48ecb78892e40d4f57a665e03a16a33"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), display-capture=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 13 Feb 2025 17:31:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 193 KB
70 KB 764ms
93ms Script
application/javascript 142.250.185.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

65131cc59c10eafb0f800f607298144b6f68e694fb828569f097f39064f3b4bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71176
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Feb 2024 03:31:25 GMT

GET
H2 200 blockadblock.js Show response
www.babup.com/ 6 KB
2 KB 63ms
47ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/blockadblock.js
Requested by: Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/file.php?get=r8hevdwag7m0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4876
cf-polished: origSize=6947
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 22 Aug 2023 10:11:48 GMT
server: cloudflare
etag: W/"1b23-6038039110a59-gzip"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NK2LdsFuYFAuBwED0y3OYWPnG8BmPZSc%2BNYAC7a%2B9JgEbUhgNNGtuKTODT6ELkY1RUFhAQoLvJycx5xZxqv8MaWEPOAMY78SoEa%2FVZL%2BZ2Hd5%2BVb7T7efFHeq3yi8IpT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 855a7a4dfdc1b987-AMS

GET
H2 200 poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/ 10 KB
10 KB 81ms
80ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4017258
alt-svc: h3=":443"; ma=86400
content-length: 10400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28a0-5fe4d56c936e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7F6EWGc8HyQJViXgUmFjvQuCNFCC%2BiBxNvb%2FtYyHOE2hlYAosC2sYcl9NC9L5GZW3alVhVhsBThiISG3qQHvNj2h%2BcOG9HP1d5IhRRlPS3NRyhXsbO8XE4wBot1ekES95w5lcM5b"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a550bac1cd2-AMS

GET
H2 200 poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 10 KB
10 KB 74ms
73ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4017258
alt-svc: h3=":443"; ma=86400
content-length: 10420
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28b4-5fe4d56c94299"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OKF0%2BOxTO6EK6PCc7XD97NCdU4iT4BW8DN3gmc82X0Os857%2B%2F78nHmkVhLxW%2Bfg9lXifC1uFZ3bZLut%2BjsL0HhW5f6CicSg69tg%2FY%2BOwSLMSqrTWgOB9Im26VeGrEIHT2ulRrY6"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a550bad1cd2-AMS

GET
H2 200 fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 96 KB
96 KB 49ms
48ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4017259
alt-svc: h3=":443"; ma=86400
content-length: 98024
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "17ee8-5fe4d56c8f479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqkDkci3nHTWHdVOiFjC0I24QJmCUTrVjlj5ML0L4ppmNISpcd2tgEPXY5l8n6d5rif7IBhPYG%2FSGXVjs7mCFKU0OZBK6loWoT9pODB5yrYrUNJNRZK1ZXxFMwGQicXJ4vfp0Nvf"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 855a7a66afb61cd2-AMS

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/ 406 KB
138 KB 759ms
79ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

cc1eb1ad3abbf4b1c82a499f652f6e1754681fe5dfbeeec1a612869d22b4db5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141054
x-xss-protection: 0
server: cafe
etag: 15086621929403568263
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 03:31:29 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240213/r20190131/ Frame E398 9 KB
5 KB 431ms
42ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240213/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 11691
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 00:16:37 GMT
etag: 3890843268177463596
expires: Thu, 29 Feb 2024 00:16:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 231 KB
82 KB 48ms
48ms Script
application/javascript 142.250.185.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

434bb648f37f996a35d2f96abbbe8683f471c1b486e2989665d66a2879a1f2c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83435
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 15 Feb 2024 03:31:28 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 432ms
44ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Feb 2024 03:30:40 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 48
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 15 Feb 2024 05:30:40 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
50 KB 52ms
51ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

65bfe29f1e223caa5eeee9c168a44cffd3d74b31b69e6001d25e542a64c94044

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51405
x-xss-protection: 0
server: cafe
etag: 15407868781450235428
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Thu, 15 Feb 2024 03:31:28 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
253 B 464ms
59ms Ping
text/plain 216.239.32.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je42c0v9114416819za200&_p=1707967888523&gcd=13l3l3l3l1&npa=0&dma=0&cid=404958887.1707967889&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1707967888&sct=1&seg=0&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=6272
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
205 B 41ms
40ms XHR
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2005448028&t=pageview&_s=1&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1083126252&gjid=773999922&cid=404958887.1707967889&tid=UA-119779859-1&_gid=1166705376.1707967889&_r=1&gtm=457e42c0za200&gcd=13l3l3l3l1&dma=0&jsscut=1&z=727427286

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 06C8 506 KB
117 KB 981ms
980ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1707967889&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&aseiel=1~2~4~6~8~16~20&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888501&bpp=6&bdt=4616&idt=805&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7374792170404&frm=20&pv=2&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=827

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef464178c7e1d29335b1edd15ed4273210b3dea43f9fa646d9846d726b71b43d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 119765
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:30 GMT
expires: Thu, 15 Feb 2024 03:31:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 56ms
56ms XHR
application/json 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240213&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

cb36301797a7da276450ba47cb1bbea88abb2e116d707d2bcf8e1dfe6f90a047

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12318
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 52DB 150 KB
46 KB 296ms
296ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

f667fc9f6632dbf8d0e796d57808346f4debf157db51473e39286e028832d42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 47214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:29 GMT
expires: Thu, 15 Feb 2024 03:31:29 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F1E9 25 KB
10 KB 232ms
232ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

06f5cbe3228a4b76a45cc17a2b4c763fd89eddb44a049a92048611abb62b4ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10558
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:29 GMT
expires: Thu, 15 Feb 2024 03:31:29 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7F1C 35 KB
15 KB 128ms
127ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888582&bpp=1&bdt=4697&idt=782&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=786

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

6c7b1936670c4129e9f721550413166aef2375f52f9168d13ebe2f42dca590ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14661
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:29 GMT
expires: Thu, 15 Feb 2024 03:31:29 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 459ms
61ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 03:31:29 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 7F1C 3 KB
1 KB 338ms
60ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888582&bpp=1&bdt=4697&idt=782&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=786

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 7F1C 20 KB
8 KB 324ms
45ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7F1C 204 KB
62 KB 31ms
31ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

0263ae4f7e587123e23dd226393d624068f51722610bf0cb53c56c7e1e680ede

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:22:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62867
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-7
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 04:22:40 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A5E0 118 KB
43 KB 481ms
90ms Document
text/html 178.250.1.17
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Zc2FkQAGHZ0I9lmrAATMILfHwVG7wDXTLKxgvA&u=%7C3Qaz3zDgbe6aMWW8Q%2FeA10N3WTxDdS%2BpzCC4HGO%2BZ5Q%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqdhoxLfz-cNq3-pxKMVsrD8omUlRR6RplYhTIhsisz7L0uEg1YkYj4oww-4SQDtj4sk9RGZ5ZWLLOFLG-MS2CJcPhnDtEgS5ZfNrtxfKm8E3sHV7QLmCFrL7NuGTZIyv04PyqxWgO-SuKQf0Y0vWU70Duuy1jqWog2oD0ZLuHlrTBSVYNtND48kvwJ2XTMYyWkKs2NQQqQFaCYeoBEeoLdTe5u5wOtgDr-qlXQoAcGvB2Hkl8s0Q2GoMlXpS98CAMohc90bBjKy4SDKfGBTthwE0puICv5ptKZ2tHWV0fOhgWvNys3iqLV6V9uOJMpEbpwK5Co2bq32DXkwjzuSG1X3bw6gMNVitxBDZkUkmLveXZZeGX3XZsQkdj-kF4AcubplyFcMSqdh0qgeGxusZfYeVauqr44bzTs8PZaDGzRSh52G2GOcWa4BBdbUIUXHOaTfl-n2ztcnjHMPyQqX3rfDHeT0tOgpKoleCIIn5ugWB3572QEpPffmdmhFh_b-77rnc0x-cOMYvqxGx8z3IM0uCa8weowV7g-XG0WQ-bPKuGuVv9juioxsGTfY4vV31DvydxsiFMeTZ7I2Ptp_CNFsTm5qnvmH7_bEgmdvaR-vPA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCMKd1kYXNZZ27GKuz2fcPoJiTqATJntKxXIX-l_dwwI23ARABIABg9eW5gZQEggEXY2EtcHViLTkxNzY1MjE4OTgzNDE5MDnIAQmpAt3nzcyUALI-qAMByAMCqgTCAU_QArt7EflIUQ5NJHU-Rl3zH_MFT1pYX5YAFDMY_Lebkq3euH50dgRn9LQBjSrOl8e9SQKkKkMQdrNabixueBrvzHOkzzc0T0ZvGrEYQmhDtYXvkj3-6u3a2mDXYJSuNPCM3riLuxbWE0_R5mKvqvT-HDbSnJQN2Na-aIkJDA3_iMs5DiN_RyWaoBs-tQiw4-IxpzQPsscch7WivMA8zGO9KrkeX6e_7B_VCcTWOBOOd1Fh_7zDJvrWrPnGriEZ1PyCgAajidms2vbIhlCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAgAhIvf3BOljNkdeatKyEA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Bx3UxcSwP5FNIIZnMxqWrkgQKLQ%26client%3Dca-pub-9176521898341909%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.17 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7e2ef5a7f1a0b8aa917ffe205e4fced340f49913298e22beeda28ba15561221f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:29 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=wL0VkPncOvSH2aGPlfiYeWv-BeXXjSUkSJnKA1T13wQgDdFXLv1vRtlCzEIXiosxL_A4xHEeEzW5CkMupbRKZqssvgaB-WAEeyMCQeiTY3Snal5fO1Uy6I_hiNXHCP_h1bGwDtBUywyu-nqTYcWxL9PnVNbluXZFvGgt18OrV4mXyWb4h-Bd7P0dLtYGpUjfrTNnX-RdwpPJGVebyu6BpE1SaCpOBd5Ut9qieyentr4vPOcwNOiUnSARkzbpAWkPAyC7hg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 42259452
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2AEB 478 B
461 B 47ms
45ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhjMtaiCAjAB&v=APEucNXL1xFY-7MWC8exZw2TmxHcDmPwB4NHViMZ3OlQ9vwqtxlv286v8tTMxE-glWmiWODfkckL64eIOGxXtwAeq38ipG3E0w

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:29 GMT
expires: Thu, 15 Feb 2024 03:31:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0C1B 93 KB
33 KB 50ms
47ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 03:31:29 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 0C1B 3 KB
1 KB 244ms
60ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 0C1B 20 KB
8 KB 231ms
48ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 0C1B 204 KB
61 KB 42ms
41ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

0263ae4f7e587123e23dd226393d624068f51722610bf0cb53c56c7e1e680ede

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:22:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62867
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-7
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 04:22:40 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C1B 42 B
173 B 74ms
73ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BsOhv5wHSQhelvYbrwnPIcRP_WqcsZGSKPjVReBdwCiSDbNyu_AWzb_A7-u-ppkDLvXtJ46YYj_s6HacHK1Ky-wm3rkzuE5RIIO-l994ZnI-BpASs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 52DB 14 KB
2 KB 453ms
64ms Stylesheet
text/css 142.250.185.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f10.1e100.net

Software

ESF /

Resource Hash

a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 15 Feb 2024 03:31:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 02:38:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 15 Feb 2024 03:31:30 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 2AEB 170 B
317 B 69ms
54ms Image
image/png 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhjMtaiCAjAB&v=APEucNXL1xFY-7MWC8exZw2TmxHcDmPwB4NHViMZ3OlQ9vwqtxlv286v8tTMxE-glWmiWODfkckL64eIOGxXtwAeq38ipG3E0w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 2AEB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1&C=1

43 B
338 B

45ms
44ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhjMtaiCAjAB&v=APEucNXL1xFY-7MWC8exZw2TmxHcDmPwB4NHViMZ3OlQ9vwqtxlv286v8tTMxE-glWmiWODfkckL64eIOGxXtwAeq38ipG3E0w
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NFaJA%2F2gBuw3GzaEqvEsIFpFY0iLANPs6XXlS20TtjhcZW6Gko6jfUIGg%2B6pK7Ldw1cg7jNMCCqT6vCJ%2FDyK2R7p9o4mL4kkoh96MaIMAjvQnhZjhHhbMUI4htIE0Tj%2BZT3zmkS4gEfRiA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 855a7a6ffe0c24c0-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0MfDmXtL0xvTB%2Ft4gxfQ%2FetPfcaJQSgvi%2BHUd8Izam09jb1RTGRWGhJ2cobE2%2BFAN%2BsL19F%2FA5sI2rvFTwMBBUU5AbsSoTsHcBhWY1GojbZFaZico59OdE2HrYt%2Bl2uHzGSx73mxwDtXtw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1&C=1
cache-control: no-cache
cf-ray: 855a7a6f5d1524c0-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2AEB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Zc2FkbmqPcEAABOtAJ5q6gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1

43 B
769 B

52ms
51ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKjk7gEQvKm3AhjMtaiCAjAB&v=APEucNXL1xFY-7MWC8exZw2TmxHcDmPwB4NHViMZ3OlQ9vwqtxlv286v8tTMxE-glWmiWODfkckL64eIOGxXtwAeq38ipG3E0w
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:30 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FUVYWdXbWXcXcuvsPf53OdhZfvBi0U4082uLvrQh2zn%2B7f%2FCW5s0SZdLE6tDIrZvJ2hfHE%2BtI2aqpdB3pTP0MsIuzeCGzwzEGvs%2FNP70b04EzEpq0K0ieK03LZikK1JNZc2cMweygE1xA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 855a7a70ac720215-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJL1zgiwyUsluzHySqJ_HnE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 52DB 2 KB
875 B 177ms
59ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/ Frame 52DB 23 KB
9 KB 167ms
53ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 52DB 3 KB
1 KB 173ms
59ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 52DB 20 KB
8 KB 160ms
46ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14490
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:29:59 GMT

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 52DB 204 KB
61 KB 32ms
31ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

0263ae4f7e587123e23dd226393d624068f51722610bf0cb53c56c7e1e680ede

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:22:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62867
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-7
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 04:22:40 GMT

GET
H2 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame 52DB 36 KB
15 KB 437ms
47ms Script
text/javascript 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 00:44:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96445
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 01:25:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 14 May 2024 00:44:05 GMT

GET
H2 200 data=MOCELyCfqhiN2NDjcwxadBmLxlMV9fCcxF-PiIebLwj7ItmmpJot27WZBc4IqRwB2J4MjTRMHkJvn1F7oh2UIA
mts0.google.com/vt/ Frame 52DB 45 KB
46 KB 556ms
130ms Image
image/png 142.250.186.46

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=MOCELyCfqhiN2NDjcwxadBmLxlMV9fCcxF-PiIebLwj7ItmmpJot27WZBc4IqRwB2J4MjTRMHkJvn1F7oh2UIA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888569&bpp=2&bdt=4683&idt=768&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 -, , ASN (),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

8f5fc07d0d1a57905b7d89a057b1adc08ae8cebf14aab03b09370f7b952598fd

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=87
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46216
x-xss-protection: 0
x-server-version-bin: CgoIBBCCrIeuBhgB
server: scaffolding on HTTPServer2
etag: 06452bc820b3c8960
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Thu, 15 Feb 2024 04:31:30 GMT

GET
DATA 200
OK truncated
/ Frame 52DB 297 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 52DB 336 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 52DB 462 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 52DB 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C1B 0
58 B 64ms
64ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1096364730847&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C1B 0
56 B 82ms
82ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1096364730847&version=m202401290101&ct=76&x=1&cor=18147204320601506000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0C1B 109 KB
41 KB 73ms
72ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CAurvTBX9a-VpdNuNWF3G6e2eWNHcOBrybybKL_Ed_8bcNKelBEY-fesDCO6BX3WRBX_RrDsDdgVQ__T1sSwT6PUaFrRElprqPcNAEGHmM7puNrtSbbiVwpgE33rEteNSIhDO8DShkT9PJiFJFDCf46ZbuuJIklwBd-nhXU6GzKWKWv74&dbm_d=AKAmf-CXTo7FksrFctfzk6vV9t892ocOKxN2xgvQ3vykPyVxQW_VSQ2ZCYltjaDYHUfJYPd_mavetG2AgNU3Znqa92U3Lb9nOmSIFv52Q3uY0bmsTzfBU2Gi_Xn8XHoYY33o0zRWMQrVQNh5AWiYZM_bLGyza7CJxJtRjubDkFwiVPo-M5TF7FUq5aF_z_r-4hu9hM5n7ghleiQYsE_D5QN3S9H8Fpv_paQ1C5qW-4S-ARMOE5X9rQIimZzBQM9FJPElFgKcpviP69z41Xon1oLF1z1bS3n_uTe2tschwMviC5LG-Gymr4AfdSSGyTLie87rurFs9_fRC1Ut2D796M-i0KwO2PEmU2e04l18VO8fFwwMshG98Yr4n8vY3mkraCbSgG30afZTDzFaQHLKB_J0_CBpOlkI7XWduKUtHcapBYtiaXMuM4OnXAZ2CCdmqm75exgqRbThLR6tY5-VsPEB8aHZ0qkbyqV8VOFB5mGq7Vf0sxjjpEFMQ3u0zTGQV6Ht9Z0yTOd7eN6rRNwGQvlcgR_T5HCGPLS_ht2ddphRLD5kCOygis0arxQIkliD0ZxoX8pZ530UXtRbLVswJOGcAsaoBmMGKr3BOhAfJkU7wFVFCteLvSe3QaFWiFURVqIXg1CdPcXuEcUbrqj42mvz6JxWcLTxv_txIpXDNoHYaBG0BkAZcQr3h0d9Xe22gk6iDh7VRCdu4TvpZKM26r3ijzcWzhWD7VS-_LDk-MDXuj1Xiu7ost9g4mcXpmi7KQUL9TBkGUI35UZJk3mV4TKJ_SZMTLVCpbz5R7qXtSDMzXuPb_dN49DOig_Nm9yRWLdUUL4dbxJHtPAdCoKrFyvRMqNcItupJqCRWAkrWwMk5w0oSR_T_3F1_ROGQQza3RjFTi9UjkgsuvDJxfdGhwdRfCy6D7XzvlrLjIipoYhwhE_WGOXX_G0SSI9P7CxDCDgYljgoA8_TlW78hbfXoBxZPiiajZsv_tO9bN0SUDLghSu6xj4_-ce8CRwqJ_pQRSk3wY5GkqwGa0n1180nGlfwVjYYOFnFj3Jqohzq0i_Ha32ODJM5FJAlXq-DDFqBDnHrKdJsr9a-ygV193ZQrD8G_b9Ln7FRYdP3JSHNNKLiX9MSeOjcemaA-75FdW_NsuhlLsBvpv5W6BylP6gL8BXTpiXTYvBrqQ8NIg7PJAdtwy78LT_BOt35oUnDaOVmg585UlclhZ4DPQRf4BEcMb-Vgkde2qoPNKYlL5HR9kGCzhDhlA3RvNaQcpaUSiSE8ZKK-RLu4VedleNmkk1Fznpgbo6cN7f1mKbEPRSQSQJpYM69cgCuB1jO-if7l7lB8cusGnkQRoAy0n1xkkkvSBKEuEx48aFVCxKvGQtZQjMT2f8ObMQldxyaHC-_81iQ9crebLGvidl_d0DlwVOoXNEExh8E5PdcU65_rgOUBxd_LmpbCrcsF_JOVbQxuaNsmXbR7pBWiFrRNdp2GCuNliz7DNlFhNUHIdSHDK57woiCQzsL_nOFhOJMvsGVLCownsTCMdwsEC5GtNzZLhfZAGJxX4Kzf0F6mOR1Y9m2vEhF-KDVu6SnkI4U9F1FO_3e5JtxU9g14RI9sLnvzaLjaodwTpNlDJUDpCp_1_oCF__MSjG4cfDmkyucy31RS2tagXQJIvJeGjrl3BlkWVEkN5-_oyXe1hCGOzzY8ZFYqcEOOx40vfKj2PiSgd0hfuq7IXZIkEI2UffU7HqrpyW6BnVs-HohFx7nUKXAdaF2Ak-YtnCYfUVY-r-lomkUe1dpNxB1sMkYijDlJkBqib396uKwjeY_RjuEBg4Mehv2FX2Gpn9uNSpZ5j4dbtsCTFDow7z2Uo4uFLhGxYYC-nj7qmwBxvc7aCTqQE2Ts1fn5fjxKC0969-HPO6jJVx5g3AyPJblwMCNR7Ammy042r2RX3SUZOy9oKXpiV94-rbutL49EiwvjlBVFex1LByLxZxr1B3E9QRnRHjSi58urXIDPIyzq1n09YO5gPr9z77FPochjf5VlAROIq_pF2PYJYZ2l-bRUQeQCjb-e0311rdsat8ZjDwIpzelu4n0MEf4F-QeGaACLJB8KgC31PsDPu3xk7dhcXmqsC5UrlBx6ppfuGKO0f3ajBE0T_cThpwswALKByYghMr2cl5iqj2vyhy9cv_bQBriuIKvjIrITGndpz7EYzipFY6bCXmAVEWmSKGn6XDknHmM3QRslPn_RD6dVNjywMcYrpDoWOofE_H7TtzW3Eh2sb76YM30DvrhPqCPPscG7vOb1ZGEoVLzaJDRTLOPC5gyVPGhCzXDPOeHzQLNAS16P_3ZdJuy12D4GdGqWR9U_8crs0LqdiXm-RRvCjDhJbDkM7GfYUkQVwIYARpe-XZ2j6UGcMrWWHzwX4HTuEdyHcqkSeAF9-PcDZ0i3ZDu8_hE15Fwnw5KlJHifXDn4r_evLvQz-nJQOx1n9RZ_XaGKg813AYhpIP6Z4oqrruPt-K4bcJA030P-8CUh-OMiapAVJWK5ljoFZRkL-NuA6yOUUU97XagQNbK8KvRXlMER3SWeG6LEvTQMQgOONMOo_ZIwkQXOwxDamVIhTmOrk6zA4dyxhci0uHFyk30goSGyQAA-0vSG4_HpqS3Sk7Xla34h5zjXPZTQXEb6Banez2TwBSsrllsK8DT7HcDvave2tS8DLqLH7Ux42lrxszzemjw6e9CUT6dH7tcAMiXKZG4wGtIzJla8VLSNw7vICLz-fyYSr4rxUVvmOMEVXCH5_byraILkt4oyTbzou7oL3YACk6lwc_Dk8AbLtjKhI3S2RZi7VfkLn9KeD4e5fUT_Vl99GhT2g1HZRhhsvbCjQ1wHPyvv3b6MEnjvNiYYzJ6M51R1g2kikcJoofoQvGbgTqVMQqMYKVMatoi7vVmABE9GIkgpxKlF_oiIdKxyFgwtM5BOjHIaPkeZzrNRvAC9ayhL9D5dgGwXEd4FPQtceMAcj0WvDRVDtUsHHjPeK6H-qRb3aaz1WeKuuplBdMThBq1u2WJ5PLSd0vN319UfTpWR4x_VudkiaL2gR0TlMkI2L_T524VFGomXD-chV-fEAomCXe5qJ9kmT1tqLQAUkvazurRhX9eLRi6xG1qEB9VFRTfxvvAXUjwtxIrmgN_weF5Q6ZdC79BTp7svwivp6zTSJMbavag3HguXVWG2dcVZ_3kkT7HQJnf1xPFW0ZsCCv8gRp6GlRAC0JfwvTqfhoXNFFb0CiBHuldJw8UGRuKiQ6843GmG4D2FDUGIk8wVZyduUvxdD5tlCjhl9uACM9xSj4t52GxNUDWBOcgftly236yLZm_n-Wx2MH0H2gWXI7x8HU7DpRN1zQJejlFzOH_DWWau_eRiZPbmbuuQDHt1g8lp6rlPpiKiP0HHTZQefa0o_fYgqkii8_lARyCdNPh5PEhyPLkYu9qazyES90dMTG71Qnwkj16Jo8SlRGNupgrqCdXsIWRUPi7_x1UvqT8sFfvyFwPLyffwBPLYKQ-JuHkphpdmM7z-L_uxmm0FjYsSQOdRHPy7cRU6D7ijpdZjSqWFv5oVafBsRYMDpyIsmlIQn_ope7ax1zS1UNttNrbLnjUnjeoRKan0kpw7RqR61DjEBgC0hWWVTss_iYKR0UMTS5csJ78ltHiyVaOtzXzgX-y56LzLS4wC_KOhoGH4Jem0p06OkNS8PnHlH472padi0JCGj3Rg3GOrkUOmUEmQZxP0Kf_r1wS7ktsCBFaH8UEjCsACYtXR640wz5tO-UxCxw9qfmagMteuRnAPOuDn4X4CyfTrOTEWBKFdYKlKLX0mMSLyo2c_vHOVOangG0M8YueQxQamaaNedNiGRdvKrNyC_t6AaArcXi5mVKPCwaZMHxu-e7CGkbaGxo4EvZ8HGGVXR8qDV-Agjon7pAdOMRywlSFmC7VJLw-B2tVcpWG48CssxoQYY8qfpqCA-tymvJwYeCKST_AdtQwN_5RmrAyRU5MG34uLfW7eHwqZWJQ8xQ&cid=CAQSTQAvHhf_nP8E1Hv0nODGB1fgGAdDE2TMNwAKuiNm4nCMefMgPZfp6s9T_A1Lx_74He1fXZPHX6tPlOoCZjyCVKrcYh7Nm2t4IuPq9hV1GAE&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=18147204320601506000&adk=497053792&idt=53&cac=0&dtd=34

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9adfefea1ba33ec744296bd3226c183864a5d3a1f142129b590a33f88f4acafe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42351
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1931557/78088462/ Frame 0C1B 60 KB
15 KB 236ms
92ms Script
application/javascript 52.210.186.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1931557/78088462/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1015253999&ias_pubId=pub-9176521898341909&ias_chanId=1&ias_placementId=20889072938&bidurl=https://www.babup.com/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hl_tR_u3iM2SgOfsn_8y5o
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.186.204 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-186-204.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b95910f3b80776acda21a1937f5634d983294c4859d5fa789286ad2dfe67827f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:30 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 0C1B 0
0

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/ Frame 0C1B 12 KB
4 KB 32ms
31ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CAurvTBX9a-VpdNuNWF3G6e2eWNHcOBrybybKL_Ed_8bcNKelBEY-fesDCO6BX3WRBX_RrDsDdgVQ__T1sSwT6PUaFrRElprqPcNAEGHmM7puNrtSbbiVwpgE33rEteNSIhDO8DShkT9PJiFJFDCf46ZbuuJIklwBd-nhXU6GzKWKWv74&dbm_d=AKAmf-CXTo7FksrFctfzk6vV9t892ocOKxN2xgvQ3vykPyVxQW_VSQ2ZCYltjaDYHUfJYPd_mavetG2AgNU3Znqa92U3Lb9nOmSIFv52Q3uY0bmsTzfBU2Gi_Xn8XHoYY33o0zRWMQrVQNh5AWiYZM_bLGyza7CJxJtRjubDkFwiVPo-M5TF7FUq5aF_z_r-4hu9hM5n7ghleiQYsE_D5QN3S9H8Fpv_paQ1C5qW-4S-ARMOE5X9rQIimZzBQM9FJPElFgKcpviP69z41Xon1oLF1z1bS3n_uTe2tschwMviC5LG-Gymr4AfdSSGyTLie87rurFs9_fRC1Ut2D796M-i0KwO2PEmU2e04l18VO8fFwwMshG98Yr4n8vY3mkraCbSgG30afZTDzFaQHLKB_J0_CBpOlkI7XWduKUtHcapBYtiaXMuM4OnXAZ2CCdmqm75exgqRbThLR6tY5-VsPEB8aHZ0qkbyqV8VOFB5mGq7Vf0sxjjpEFMQ3u0zTGQV6Ht9Z0yTOd7eN6rRNwGQvlcgR_T5HCGPLS_ht2ddphRLD5kCOygis0arxQIkliD0ZxoX8pZ530UXtRbLVswJOGcAsaoBmMGKr3BOhAfJkU7wFVFCteLvSe3QaFWiFURVqIXg1CdPcXuEcUbrqj42mvz6JxWcLTxv_txIpXDNoHYaBG0BkAZcQr3h0d9Xe22gk6iDh7VRCdu4TvpZKM26r3ijzcWzhWD7VS-_LDk-MDXuj1Xiu7ost9g4mcXpmi7KQUL9TBkGUI35UZJk3mV4TKJ_SZMTLVCpbz5R7qXtSDMzXuPb_dN49DOig_Nm9yRWLdUUL4dbxJHtPAdCoKrFyvRMqNcItupJqCRWAkrWwMk5w0oSR_T_3F1_ROGQQza3RjFTi9UjkgsuvDJxfdGhwdRfCy6D7XzvlrLjIipoYhwhE_WGOXX_G0SSI9P7CxDCDgYljgoA8_TlW78hbfXoBxZPiiajZsv_tO9bN0SUDLghSu6xj4_-ce8CRwqJ_pQRSk3wY5GkqwGa0n1180nGlfwVjYYOFnFj3Jqohzq0i_Ha32ODJM5FJAlXq-DDFqBDnHrKdJsr9a-ygV193ZQrD8G_b9Ln7FRYdP3JSHNNKLiX9MSeOjcemaA-75FdW_NsuhlLsBvpv5W6BylP6gL8BXTpiXTYvBrqQ8NIg7PJAdtwy78LT_BOt35oUnDaOVmg585UlclhZ4DPQRf4BEcMb-Vgkde2qoPNKYlL5HR9kGCzhDhlA3RvNaQcpaUSiSE8ZKK-RLu4VedleNmkk1Fznpgbo6cN7f1mKbEPRSQSQJpYM69cgCuB1jO-if7l7lB8cusGnkQRoAy0n1xkkkvSBKEuEx48aFVCxKvGQtZQjMT2f8ObMQldxyaHC-_81iQ9crebLGvidl_d0DlwVOoXNEExh8E5PdcU65_rgOUBxd_LmpbCrcsF_JOVbQxuaNsmXbR7pBWiFrRNdp2GCuNliz7DNlFhNUHIdSHDK57woiCQzsL_nOFhOJMvsGVLCownsTCMdwsEC5GtNzZLhfZAGJxX4Kzf0F6mOR1Y9m2vEhF-KDVu6SnkI4U9F1FO_3e5JtxU9g14RI9sLnvzaLjaodwTpNlDJUDpCp_1_oCF__MSjG4cfDmkyucy31RS2tagXQJIvJeGjrl3BlkWVEkN5-_oyXe1hCGOzzY8ZFYqcEOOx40vfKj2PiSgd0hfuq7IXZIkEI2UffU7HqrpyW6BnVs-HohFx7nUKXAdaF2Ak-YtnCYfUVY-r-lomkUe1dpNxB1sMkYijDlJkBqib396uKwjeY_RjuEBg4Mehv2FX2Gpn9uNSpZ5j4dbtsCTFDow7z2Uo4uFLhGxYYC-nj7qmwBxvc7aCTqQE2Ts1fn5fjxKC0969-HPO6jJVx5g3AyPJblwMCNR7Ammy042r2RX3SUZOy9oKXpiV94-rbutL49EiwvjlBVFex1LByLxZxr1B3E9QRnRHjSi58urXIDPIyzq1n09YO5gPr9z77FPochjf5VlAROIq_pF2PYJYZ2l-bRUQeQCjb-e0311rdsat8ZjDwIpzelu4n0MEf4F-QeGaACLJB8KgC31PsDPu3xk7dhcXmqsC5UrlBx6ppfuGKO0f3ajBE0T_cThpwswALKByYghMr2cl5iqj2vyhy9cv_bQBriuIKvjIrITGndpz7EYzipFY6bCXmAVEWmSKGn6XDknHmM3QRslPn_RD6dVNjywMcYrpDoWOofE_H7TtzW3Eh2sb76YM30DvrhPqCPPscG7vOb1ZGEoVLzaJDRTLOPC5gyVPGhCzXDPOeHzQLNAS16P_3ZdJuy12D4GdGqWR9U_8crs0LqdiXm-RRvCjDhJbDkM7GfYUkQVwIYARpe-XZ2j6UGcMrWWHzwX4HTuEdyHcqkSeAF9-PcDZ0i3ZDu8_hE15Fwnw5KlJHifXDn4r_evLvQz-nJQOx1n9RZ_XaGKg813AYhpIP6Z4oqrruPt-K4bcJA030P-8CUh-OMiapAVJWK5ljoFZRkL-NuA6yOUUU97XagQNbK8KvRXlMER3SWeG6LEvTQMQgOONMOo_ZIwkQXOwxDamVIhTmOrk6zA4dyxhci0uHFyk30goSGyQAA-0vSG4_HpqS3Sk7Xla34h5zjXPZTQXEb6Banez2TwBSsrllsK8DT7HcDvave2tS8DLqLH7Ux42lrxszzemjw6e9CUT6dH7tcAMiXKZG4wGtIzJla8VLSNw7vICLz-fyYSr4rxUVvmOMEVXCH5_byraILkt4oyTbzou7oL3YACk6lwc_Dk8AbLtjKhI3S2RZi7VfkLn9KeD4e5fUT_Vl99GhT2g1HZRhhsvbCjQ1wHPyvv3b6MEnjvNiYYzJ6M51R1g2kikcJoofoQvGbgTqVMQqMYKVMatoi7vVmABE9GIkgpxKlF_oiIdKxyFgwtM5BOjHIaPkeZzrNRvAC9ayhL9D5dgGwXEd4FPQtceMAcj0WvDRVDtUsHHjPeK6H-qRb3aaz1WeKuuplBdMThBq1u2WJ5PLSd0vN319UfTpWR4x_VudkiaL2gR0TlMkI2L_T524VFGomXD-chV-fEAomCXe5qJ9kmT1tqLQAUkvazurRhX9eLRi6xG1qEB9VFRTfxvvAXUjwtxIrmgN_weF5Q6ZdC79BTp7svwivp6zTSJMbavag3HguXVWG2dcVZ_3kkT7HQJnf1xPFW0ZsCCv8gRp6GlRAC0JfwvTqfhoXNFFb0CiBHuldJw8UGRuKiQ6843GmG4D2FDUGIk8wVZyduUvxdD5tlCjhl9uACM9xSj4t52GxNUDWBOcgftly236yLZm_n-Wx2MH0H2gWXI7x8HU7DpRN1zQJejlFzOH_DWWau_eRiZPbmbuuQDHt1g8lp6rlPpiKiP0HHTZQefa0o_fYgqkii8_lARyCdNPh5PEhyPLkYu9qazyES90dMTG71Qnwkj16Jo8SlRGNupgrqCdXsIWRUPi7_x1UvqT8sFfvyFwPLyffwBPLYKQ-JuHkphpdmM7z-L_uxmm0FjYsSQOdRHPy7cRU6D7ijpdZjSqWFv5oVafBsRYMDpyIsmlIQn_ope7ax1zS1UNttNrbLnjUnjeoRKan0kpw7RqR61DjEBgC0hWWVTss_iYKR0UMTS5csJ78ltHiyVaOtzXzgX-y56LzLS4wC_KOhoGH4Jem0p06OkNS8PnHlH472padi0JCGj3Rg3GOrkUOmUEmQZxP0Kf_r1wS7ktsCBFaH8UEjCsACYtXR640wz5tO-UxCxw9qfmagMteuRnAPOuDn4X4CyfTrOTEWBKFdYKlKLX0mMSLyo2c_vHOVOangG0M8YueQxQamaaNedNiGRdvKrNyC_t6AaArcXi5mVKPCwaZMHxu-e7CGkbaGxo4EvZ8HGGVXR8qDV-Agjon7pAdOMRywlSFmC7VJLw-B2tVcpWG48CssxoQYY8qfpqCA-tymvJwYeCKST_AdtQwN_5RmrAyRU5MG34uLfW7eHwqZWJQ8xQ&cid=CAQSTQAvHhf_nP8E1Hv0nODGB1fgGAdDE2TMNwAKuiNm4nCMefMgPZfp6s9T_A1Lx_74He1fXZPHX6tPlOoCZjyCVKrcYh7Nm2t4IuPq9hV1GAE&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=18147204320601506000&adk=497053792&idt=53&cac=0&dtd=34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:37:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14043
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:37:26 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/ Frame 0C1B 30 KB
11 KB 38ms
38ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

719314f680a79defc6c02a7dbaff63da48911cbf418614226bde044fb02e065d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 23:30:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14455
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11551
x-xss-protection: 0
server: cafe
etag: 12710720872123804752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 28 Feb 2024 23:30:34 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 0C1B 41 KB
14 KB 39ms
38ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 06:45:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74758
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Feb 2025 06:45:31 GMT

GET
DATA 200
OK truncated
/ Frame 7F1C 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a161bf9a454764472aeceee6e6fd4de8b39a9ee09c165d7d764eef6a4d27ec90

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 52DB 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ac33aba7d6b406f038521112681b1d18594f57de9aa372f5d33b9c9d799707d

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0C1B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 610c6fde807be0c94ad1f0617395eee78c343c7aa4da25fd1b70c87fb2fc24eb

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7F1C 0
133 B 75ms
74ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKeVMkYXNZZ27GKuz2fcPoJiTqATJntKxXIX-l_dwwI23ARABIABg9eW5gZQEggEXY2EtcHViLTkxNzY1MjE4OTgzNDE5MDnIAQmpAt3nzcyUALI-qAMByAMCqgS_AU_QArt7EflIUQ5NJHU-Rl3zH_MFT1pYX5YAFDMY_Lebkq3euH50dgRn9LQBjSrOl8e9SQKkKkMQdrNabixueBrvzHOkzzc0T0ZvGrEYQmhDtYXvkj3-6u3a2mDXYJSuNPCM3riLuxbWE0_R5mKvqvT-HDbSnJQN2Na-aIkJDA3_iMs5DiN_RyWaoBs-tQiw4-IxpzQPsscch_egnVK8X7OAjGk5hSufBbvbLs5gMj2W9eWpwhoxmeT6tGEMOgHwgAajidms2vbIhlCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAgAhIvf3BOljNkdeatKyEA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi05MTc2NTIxODk4MzQxOTA5GAA&sigh=C-6kPxmg_Fs&uach_m=%5BUACH%5D&cid=CAQSTgAvHhf_5QMcOzl22gFrF9ho5nrrQWUYZwOHr-SSdvHD5ovgBX_fIKBNnCMs0YgUFfU0J3Em41Qkx7Nl4hsjr-rwwPsnC9MeheeRnq5cERgB&cbvp=2&vis=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888582&bpp=1&bdt=4697&idt=782&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 15 Feb 2024 03:31:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 7F1C 0
0

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CCCE 13 KB
5 KB 34ms
33ms Document
text/html 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 152963
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Feb 2024 09:02:06 GMT
expires: Wed, 12 Feb 2025 09:02:06 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET aframe
www.google.com/recaptcha/api2/ Frame 5603 0
0

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 2DB5 38 KB
13 KB 33ms
33ms Document
text/html 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 152099
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Feb 2024 09:16:31 GMT
expires: Wed, 12 Feb 2025 09:16:31 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET privacy_small.svg
static.criteo.net/flash/icon/ Frame A5E0 0
0

GET adchoices_de.svg
static.criteo.net/flash/icon/ Frame A5E0 0
0

GET close_button.svg
static.criteo.net/flash/icon/ Frame A5E0 0
0

GET back_button2.svg
static.criteo.net/flash/icon/ Frame A5E0 0
0

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame A5E0 43 B
348 B 175ms
65ms Image
image/gif 178.250.1.6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=CKm9kEfQDQSM9wTnpTU1uIDpceXvAX55luFsnmb0zPLiZnMfk5ZR-dQQ2ctTaCyh9WqsRVa-qvGpgOnQYaytSc4-N1w6Zd4B2ahdTRreSzLnnH2G2b0m9D4H_VWAagnvR_tLnBXJsz7qw84_tVcWRx83EwhGKRBWhPWmkbmHNr1kKhBriM01k3QtdqOz4gZciWwH8a7D20YBkXU1KFJvx-rHf5nl0YLpUictSQh4OHFieydShj8Mj8UxiTopH49KpXtp_MwcjCcXDtXWRFBhoRcrtCGgT-Rf4cR5Hj3ubI2us37_-NgqezUP49wEodB6bqbyUaBsBP-Wj2mLDGzxwhXefQctNCmJiDvuMiLngG61L4_on759JPm3bheg-kp2g8L6Wa7lH_citmNFVwdie0ZATWCaFjU9AoUZwXOtJCIQvJYQ

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Zc2FkQAGHZ0I9lmrAATMILfHwVG7wDXTLKxgvA&u=%7C3Qaz3zDgbe6aMWW8Q%2FeA10N3WTxDdS%2BpzCC4HGO%2BZ5Q%3D%7C&c1=0n2XosTo5cm2a-Hcp7XBswXP_Pnh5wGNJFnD5UhbQqdhoxLfz-cNq3-pxKMVsrD8omUlRR6RplYhTIhsisz7L0uEg1YkYj4oww-4SQDtj4sk9RGZ5ZWLLOFLG-MS2CJcPhnDtEgS5ZfNrtxfKm8E3sHV7QLmCFrL7NuGTZIyv04PyqxWgO-SuKQf0Y0vWU70Duuy1jqWog2oD0ZLuHlrTBSVYNtND48kvwJ2XTMYyWkKs2NQQqQFaCYeoBEeoLdTe5u5wOtgDr-qlXQoAcGvB2Hkl8s0Q2GoMlXpS98CAMohc90bBjKy4SDKfGBTthwE0puICv5ptKZ2tHWV0fOhgWvNys3iqLV6V9uOJMpEbpwK5Co2bq32DXkwjzuSG1X3bw6gMNVitxBDZkUkmLveXZZeGX3XZsQkdj-kF4AcubplyFcMSqdh0qgeGxusZfYeVauqr44bzTs8PZaDGzRSh52G2GOcWa4BBdbUIUXHOaTfl-n2ztcnjHMPyQqX3rfDHeT0tOgpKoleCIIn5ugWB3572QEpPffmdmhFh_b-77rnc0x-cOMYvqxGx8z3IM0uCa8weowV7g-XG0WQ-bPKuGuVv9juioxsGTfY4vV31DvydxsiFMeTZ7I2Ptp_CNFsTm5qnvmH7_bEgmdvaR-vPA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCMKd1kYXNZZ27GKuz2fcPoJiTqATJntKxXIX-l_dwwI23ARABIABg9eW5gZQEggEXY2EtcHViLTkxNzY1MjE4OTgzNDE5MDnIAQmpAt3nzcyUALI-qAMByAMCqgTCAU_QArt7EflIUQ5NJHU-Rl3zH_MFT1pYX5YAFDMY_Lebkq3euH50dgRn9LQBjSrOl8e9SQKkKkMQdrNabixueBrvzHOkzzc0T0ZvGrEYQmhDtYXvkj3-6u3a2mDXYJSuNPCM3riLuxbWE0_R5mKvqvT-HDbSnJQN2Na-aIkJDA3_iMs5DiN_RyWaoBs-tQiw4-IxpzQPsscch7WivMA8zGO9KrkeX6e_7B_VCcTWOBOOd1Fh_7zDJvrWrPnGriEZ1PyCgAajidms2vbIhlCgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAgAhIvf3BOljNkdeatKyEA_oLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1Bx3UxcSwP5FNIIZnMxqWrkgQKLQ%26client%3Dca-pub-9176521898341909%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:29 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2179630
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame A5E0 0
0

GET animejs.js
static.criteo.net/animejs/ Frame A5E0 0
0

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame A5E0 1 KB
1 KB 456ms
63ms Image
image/webp 178.250.1.15

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=97215&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F97215%2F230227%2Fb895686af0ef4c14b7c7a731718d4377_magnanni.logo-2x.jpg&v=3&w=196&rid=4&s=YZhRINokLXeuPrRf5gNfImmf

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.15 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

0a51b3c32576974ef48aa7c6bc2cd9b881ff3f229c90aa4d7fe9983c4842bbdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:29 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 1252
expires: Mon, 03 Feb 2025 03:41:17 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame A5E0 36 KB
37 KB 462ms
70ms Image
image/webp 178.250.1.15

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=97215&q=80&r=0&u=https%3A%2F%2Feu.magnanni.com%2Fmedia%2Fcatalog%2Fproduct%2F1%2F3%2F13232_men_Cruz_Cognac_side_v3.jpg&v=3&w=800&rid=4&s=pWlJ70MtuA_lTPgeE1z2jEZf&b=1200

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.15 -, , ASN (),

Reverse DNS

Software

Kestrel /

Resource Hash

acdeb517efdd0b9cce99ab0e309850b1eced17dc4af8e605e89f11e4b375ae0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:29 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 37272
expires: Sun, 26 Jan 2025 21:50:13 GMT

POST all
csm.eu.criteo.net/ Frame A5E0 0
0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A5E0 2 KB
1 KB 734ms
62ms Image
image/svg+xml 178.250.1.3

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.3 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 09 Feb 2025 03:31:30 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A5E0 2 KB
1 KB 171ms
63ms Image
image/svg+xml 178.250.1.3

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.3 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 09 Feb 2025 03:31:30 GMT

GET 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 52DB 0
0

GET
H2 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 2DB5 39 KB
15 KB 31ms
31ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:32:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 111567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 20:32:03 GMT

GET
H2 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame CCCE 39 KB
15 KB 38ms
38ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:32:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 111567
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 20:32:03 GMT

GET main.19.8.483.js
static.adsafeprotected.com/ Frame 0C1B 0
0

GET
H2 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/ 165 KB
56 KB 54ms
54ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/reactive_library_fy2021.js?bust=31081135

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

a32c5a912daeea804641f60918eeefaaecccc63227a6d6887fbd1f43bb8024a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57040
x-xss-protection: 0
server: cafe
etag: 14683189137089798063
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 03:31:30 GMT

GET
H2 200 ca-pub-9176521898341909 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 105ms
84ms Script
application/javascript 142.250.186.46

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-9176521898341909?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

7c59f4f497b9a77b057be49fcb58a817d1f68f66e186f722137018df0d6ef736

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8rA69TQ-W68Q2P-y1_4OaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-8rA69TQ-W68Q2P-y1_4OaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjWsOoxSXFEKghxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ycTx9SWTBBCrAfE7yVdM34B4h48Hy5vw6axsEdNZ4-qms-YAMd-66awqQKy5fjprIBBvOTOddQ8QxzyfzpoCxItZZ7CuBuIpgTNY5wCxU_oM1gAg_pw5g_U3EPvUz2CNAmIhHo5J3dvWsQm8OD7vNiMAfPVNUQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/ 90 KB
31 KB 56ms
56ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/slotcar_library_fy2021.js?bust=31081135

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

a4ecbef4fa49d00155762a2981dd627720b02632872631910c1f7b2fea8829a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32117
x-xss-protection: 0
server: cafe
etag: 6533186310558737664
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 03:31:30 GMT

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame CCCE 0
40 B 32ms
32ms Image
text/plain 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?PH056g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.181.225 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 2431 0
0 238ms
237ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1707967890&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967890518&bpp=1&bdt=6632&idt=-M&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D27997deff993e187%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MbQSZnZa1H0vMeMx9NFw-2CSy3uZw&gpic=UID%3D00000d58d355ca06%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MZ2o-V2ygmS2gTfD5-5vh0E1_ikjw&eo_id_str=ID%3D80865ea94c088d92%3AT%3D1707967889%3ART%3D1707967889%3AS%3DAA-AfjZA8F-NgW_QhmyFLcjY52fZ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGsnNTCBLwvy_WcCE5Ipp7-Ox0hhaUesgp1JZFGrngUjLXqsQlvT6usQItVnukTsbPzWDf_Qh_dO-GQCiLQ%2CAOrYGskS8OK_tRXsSpiVaXQuncTf9_rsO1Mi5mHPiDftie7P1q7fDJn4zLBm3HS72uILPUHFAFoMO-hZlusrFSUEcrPIwgwB&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=98

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 84D4 0
0 239ms
239ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1707967890&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967890518&bpp=1&bdt=6633&idt=-M&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D27997deff993e187%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MbQSZnZa1H0vMeMx9NFw-2CSy3uZw&gpic=UID%3D00000d58d355ca06%3AT%3D1707967889%3ART%3D1707967889%3AS%3DALNI_MZ2o-V2ygmS2gTfD5-5vh0E1_ikjw&eo_id_str=ID%3D80865ea94c088d92%3AT%3D1707967889%3ART%3D1707967889%3AS%3DAA-AfjZA8F-NgW_QhmyFLcjY52fZ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGsnNTCBLwvy_WcCE5Ipp7-Ox0hhaUesgp1JZFGrngUjLXqsQlvT6usQItVnukTsbPzWDf_Qh_dO-GQCiLQ%2CAOrYGskS8OK_tRXsSpiVaXQuncTf9_rsO1Mi5mHPiDftie7P1q7fDJn4zLBm3HS72uILPUHFAFoMO-hZlusrFSUEcrPIwgwB&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=103

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 211
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/ Frame A707 9 KB
4 KB 34ms
33ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 10190
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 00:41:40 GMT
etag: 3890843268177463596
expires: Thu, 29 Feb 2024 00:41:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/ Frame E783 9 KB
0 55ms
53ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 10190
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 00:41:40 GMT
etag: 3890843268177463596
expires: Thu, 29 Feb 2024 00:41:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/ Frame F5A4 9 KB
0 50ms
49ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 10190
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 00:41:40 GMT
etag: 3890843268177463596
expires: Thu, 29 Feb 2024 00:41:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/ Frame 4870 9 KB
0 47ms
47ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402120101/show_ads_impl_fy2021.js?bust=31081135

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 10190
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 00:41:40 GMT
etag: 3890843268177463596
expires: Thu, 29 Feb 2024 00:41:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxU5rtvwmh0NtGFH_DO_hamjZASt0YUAjDj58dDZx0y5nmsFVeGWhUJhA9Rq9ctkB8wbu26Bm8E1yERIP7DGP0l8JaSgKCu94DRBiE98mFnz3Zh1kJM91IVZr-VZNBlxinXaIlSbAg==
fundingchoicesmessages.google.com/f/ 3 KB
0 62ms
62ms Script
application/javascript 142.250.186.46

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU5rtvwmh0NtGFH_DO_hamjZASt0YUAjDj58dDZx0y5nmsFVeGWhUJhA9Rq9ctkB8wbu26Bm8E1yERIP7DGP0l8JaSgKCu94DRBiE98mFnz3Zh1kJM91IVZr-VZNBlxinXaIlSbAg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA3OTY3ODkwLDcxMjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsIm9IUUI5T2U3Q1U0Il0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.oHQB9Oe7CU4.es5.O/am=YA/d=1/rs=AJlcJMyAlWf7rH4HQHs7ZSwSsxhmeqeg4w/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3lHYC2h2NbJ9ysi7o9JW7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 03:31:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-3lHYC2h2NbJ9ysi7o9JW7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj2sCoxSXF4KUhxaAQtpPpvNMdputAfFHlKdNNIK5leMbUCsQPwp8xvQBiA43nTBZAzPjnBRMnEL_78pKJ4-tLJgkgVgPid5KvmL4B8Q4fD5Y34dNZ2SKms8bVTWfNAWK-ddNZVYBYc_101kAg3nJmOuseII55Pp01BYgXs85gXQ3EUwJnsM4BYqf0GawBQPw5cwbrbyD2qZ_BGgXEQjwck7q3rWMTePGn5xkTAFkPTq4"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2DB5 0
56 B 73ms
65ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BsMOkkYXNZd2uLpu69u8PxNOj0A0AAAAAOAHgBAI&bg=!JCelJ2jNAAZN4L4YbeA7ADQBe5WfOCHea5l2846sOgvFr9EwzY63xvQSVAnCNbEV-RuVWT8VTe2G6RjOYqiJayV9UbKBAgAAAWtSAAAABGgBB5kDCvlI8pxah5jbWH3HPnFnGb7VcFGmqzL_lXTs8JnmevaGCtcxnGMAS0VURybkUggXk_D4S-RotChHdlhZ-tFJBhn54ZO2Vgpg0C3Nn1rqYIenNsIWvqM_FuWLvLLcMHA8BW40hq0U93GpS4p7r7A_xEPJohubKDzdkE1uD-8lQ40ZhSVS57SRiCljbudblwVk2zWRlfnWCdf-TlTRIZFR1LAfiKnYsmWn4gW-eWRNq2xx4E3PzPZuSjkD3C76GfA6m3kiNpzU8_oJrCpt0L3Meoo6wMV8Qy1gT6EeyUJQM1PHzhJDT_xROsQPGtdOqBT4pdZZIxUqsYv0ZZfn3IzK8362sBbA4l-hfmafgvwqNUewmpO5qSGZRdAQXhKmeSgMRJ_y2FipSCYWpGD3RkAg0U03dIgV0ajhQQa9KGsBAkYKHTX3XXXzuDTLkRmdrFD9P8-QiFKIqc1AbZYc5ptZNn_XRsiZfUM7RYNKYBebEirCKPa1HiEJLIfMkr-Ha1hdryXnBD36Ycj6GmoiD7ioXqMjV4rFCtJueB-t-qY7UeDP6wCXLNs8jg891S0sP5pjkTcFPh7czKitAR6HoFPSTrsOee6bON13CLLtD6q-1-xrlLsEurdNA1JwPFewbk2A0IRodP_IZdjOYaKs98XP9QuUTSajorou4GWNcQcVkhY-Quw-Ye_gJuyIgWoEszVR9KyLcwVoElQeH93Isn5xCHBy--jQCwS0iB4GrBkiNzl-Bh2NmJ85PSAKbko2bhXGc5fTElXd7wX2GKBJ32TddikBgHOgXxb22APJPVF0P64mMsVZzRxktlJL7RCcdPyaZvC7xk_Gy4hswRSE8d4TEdehH0x4vE3cY32IttmsUbyuG0a_iYv1nKfdq75ttmj9PimMwdBhkf6o16e0BcDbIgF9FD8H17vh1N9vnPYhCpVTuNg2TA9G_jvKNuaG0_eUlgYT82D9lXI9mc-aSW-ur9hESDskOKLMOxPXJ_PkXQu6jWLnYpT4nMpwGZ76Q5bs5WU5jq1x975XL8I

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888579&bpp=1&bdt=4694&idt=772&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=776

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST ping
pagead2.googlesyndication.com/pagead/ 0
0

GET css
fonts.googleapis.com/ Frame 49DF 0
0

GET load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 49DF 0
0

GET abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/ Frame 49DF 0
0

GET
H2 200 s
googleads.g.doubleclick.net/pagead/drt/ Frame 9D8B 0
0 33ms
31ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/r8hevdwag7m0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 3176
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 02:38:34 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 49DF 0
0

GET qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 49DF 0
0

GET ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 49DF 0
0

GET c0f9635aabdd33ab086e3930fa461563.js
www.gstatic.com/mysidia/ Frame 49DF 0
0

GET fullscreen_api_adapter_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/ Frame A707 0
0

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A707 205 B
295 B 42ms
41ms Image
image/png 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 23:53:15 GMT
x-content-type-options: nosniff
age: 99495
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 12 Feb 2025 23:53:15 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A707 604 B
919 B 41ms
40ms Image
image/png 172.217.18.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.3 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f3.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 04:03:39 GMT
x-content-type-options: nosniff
age: 84471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 13 Feb 2025 04:03:39 GMT

GET interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/ Frame A707 0
0

GET
H2 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 5F59 0
0 44ms
44ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYkJqDggIwAQ&v=APEucNUpOl-WWi07KwYDyE_USpuepAdxxyhNVk8K9XlsKrPLoBkkPEihjIAO03huAkNPM8nFKi-zNq-hjJMV2Id4vFAhdxqyvA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:30 GMT
expires: Thu, 15 Feb 2024 03:31:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame E783 0
0

GET omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/ Frame E783 0
0

GET abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/ Frame E783 0
0

GET Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame E783 0
0

GET window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame E783 0
0

GET qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame E783 0
0

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E783 42 B
107 B 67ms
64ms Image
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C_KPIkJ-PRsrL2JnblPWA-YVSwzPECyetrgXVUtbbKnhBi4yY2MehVouWX3hbr3xQOyWG0oNqUz7wuDngaE1rUNs-vklfJyi_4c31YcK3Ej7Zs4mI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 03:31:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame E783 0
0

GET
H2 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 120E 0
0 44ms
44ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJjjZhDLynYYkJqDggIwAQ&v=APEucNX65eVWoUvDFXhyJaposzOSmBTonIRGO0naxvLnXUS7goP4PvSyhtlY0l2tngCQSJxiEOtgO6pU8rePGS-TqVxGSvw6BA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240213/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 03:31:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame F5A4 0
0

GET omrhp_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/ Frame F5A4 0
0

GET abg_lite_fy2021.js
pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/ Frame F5A4 0
0

GET Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame F5A4 0
0

GET window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame F5A4 0
0

GET qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame F5A4 0
0

GET gen_204
pagead2.googlesyndication.com/pagead/ Frame F5A4 0
0

GET ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame F5A4 0
0

GET pixel
googleads.g.doubleclick.net/xbbe/ Frame 9B95 0
0

GET dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 45F2 0
0

GET window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 45F2 0
0

GET qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/ Frame 45F2 0
0

GET ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 45F2 0
0

GET gen_204
pagead2.googlesyndication.com/pagead/ Frame 45F2 0
0

GET adview
googleads.g.doubleclick.net/pagead/ Frame 52DB 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Domain: certify-js.alexametrics.com
URL: https://certify-js.alexametrics.com/atrk.js

Domain: ssl.google-analytics.com
URL: https://ssl.google-analytics.com/ga.js

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Domain: rtb.fr3.eu.criteo.com
URL: https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kLiJFs75RNYImAKdg2ICAgAAAEdgjw4aiq0EEJGFzWX6Z0i7bXrgFEuxAAASAAAKCkFRVUJEd0VCRHc&wp=Zc2FkQAGHZ0I9lmrAATMILfHwVG7wDXTLKxgvA&cbvp=2

Domain: www.google.com
URL: https://www.google.com/recaptcha/api2/aframe

Domain: static.criteo.net
URL: https://static.criteo.net/flash/icon/privacy_small.svg

Domain: static.criteo.net
URL: https://static.criteo.net/flash/icon/adchoices_de.svg

Domain: static.criteo.net
URL: https://static.criteo.net/flash/icon/close_button.svg

Domain: static.criteo.net
URL: https://static.criteo.net/flash/icon/back_button2.svg

Domain: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Domain: static.criteo.net
URL: https://static.criteo.net/animejs/animejs.js

Domain: csm.eu.criteo.net
URL: https://csm.eu.criteo.net/all?cppv=3&cpp=wL0VkPncOvSH2aGPlfiYeWv-BeXXjSUkSJnKA1T13wQgDdFXLv1vRtlCzEIXiosxL_A4xHEeEzW5CkMupbRKZqssvgaB-WAEeyMCQeiTY3Snal5fO1Uy6I_hiNXHCP_h1bGwDtBUywyu-nqTYcWxL9PnVNbluXZFvGgt18OrV4mXyWb4h-Bd7P0dLtYGpUjfrTNnX-RdwpPJGVebyu6BpE1SaCpOBd5Ut9qieyentr4vPOcwNOiUnSARkzbpAWkPAyC7hg&sds=2&rev=90562.7&sendBeacon=true

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Domain: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/main.19.8.483.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/ping?e=1

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/load_preloaded_resource_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/abg_lite_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/window_focus_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/qs_click_protection_fy2021.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Domain: www.gstatic.com
URL: https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/omrhp_fy2021.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/abg_lite_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/window_focus_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/qs_click_protection_fy2021.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/elements/html/omrhp_fy2021.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20240213/r20110914/abg_lite_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/window_focus_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/qs_click_protection_fy2021.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ApZs6hbZn4knIstYzPdngSwxRROQZy1jxnZI3Z4wySjVFvdr70iNUzp5dzirm5g3fciAxCUIkDLVI3DEpwNpxPRortYksKEi6mNYj2ZXLWnAUhv2I

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKiEfhDNoqSDAxjI-6eHAjAB&v=APEucNV92i7tTk1i19-HhXoFllYBk01SnXc3Eb7fZ9EbfurtRM_K-T4evMkkp38pC_pUAPGjUYiJw6Ypeqf9UXimusDtwwSOvg

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/window_focus_fy2021.js

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20240213/r20110914/client/qs_click_protection_fy2021.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AgvmRVNvy6-wtEkn0C4DoR2fz2BTxVJmW9wTfPqxLJIluKnkiavLvGK8Eo8MbY0CGAD1yvfweD9e5455WgeCcHk60bzdgoB8sbExYKyMPSn5u7QPk

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adview?ai=CCXefkYXNZaXqFr6E2fcPt6OR4AGn2_GgdbjPsMyNEvLs0uCyARABIIK6uHxg9eW5gZQEoAHl-5ePAcgBCakC7Q-Tnprysj6oAwHIA8sEqgTVAU_Q-lM0wGECHmdej0fauD_Vazr_0b9Scv66rGYPdPB7l_gkrz2IOeLGR3sJt5P3Q0ij9QQO3mCSwK8PtAlULhn6ZaJaUX2XNGJ6axDzr3mONenfTycN829-qZqWawEfQ0QALR7u598iCVoRTRxvmJnZu1Yqplsbk8RHVom_dHHRmMsMotPNUrScnGKFR2p2Hr7MhvtcQ916aQjv9NyXuJc0fSMV1syyOXzfMyvgSGwhxKoD8U-qnHzNW5ubUG1jNOd4p9zNf-lx5JcC18-VISr42ln7BMAE1a205NcDiAWo3sHGNpIFBAgEGAGSBQQIBRgEoAYugAeDhOjwAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4b2AcA8gcEEK6GCdIIJAiAYRABGB8yAooCOgmAQIDAgICAgAhIvf3BOliBvNWatKyEA5oJFGh0dHBzOi8vaW50b3RoZWwuY2gvgAoByAsB2gwRCgsQoKGbkKSQqIL6ARICAQO4E4gE2BMK0BUBgBcBshccChoIABIUcHViLTkxNzY1MjE4OTgzNDE5MDkYAA&sigh=L1ZLdV0_Mg4&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgAvHhf_2g3ozdutjiJS62kQGL6Yyxms6lgd8th3hg0t3oLUFApybCsXiEqB_yvZ8WKYN0zHKSrprpzeNi2YluJHj0BOD_EMNi5SstdLyxgB&template_id=520&cbvp=2&vis=1&nis=5

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.file-upload.org/	1969-12-31 23:59:59	Name: lang Value: german
www.file-upload.org/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Thu Feb 15 2024 04:32:22 GMT+0100 (Central European Standard Time), path=/
.babup.com/	1970-01-21 04:02:07	Name: _ga_3T7TKCZCC9 Value: GS1.1.1707967888.1.0.1707967888.0.0.0
.babup.com/	1970-01-21 04:02:07	Name: _ga Value: GA1.2.404958887.1707967889
.babup.com/	1970-01-20 18:27:34	Name: _gid Value: GA1.2.1166705376.1707967889
.babup.com/	1970-01-20 18:26:07	Name: _gat_gtag_UA_119779859_1 Value: 1
.doubleclick.net/	1970-01-21 04:02:07	Name: IDE Value: AHWqTUlWcAVagng_Flr3kmFzWVwHFBtrfeh_0a2bmlJLjWcfwDSp1vMYfiix6jGN
.casalemedia.com/	1970-01-21 03:11:43	Name: CMID Value: Zc2FkbmqPcEAABOtAJ5q6gAA
.casalemedia.com/	1970-01-20 20:35:43	Name: CMPS Value: 5252
.casalemedia.com/	1970-01-20 20:35:43	Name: CMPRO Value: 5252
.babup.com/	1970-01-21 03:47:43	Name: __gads Value: ID=27997deff993e187:T=1707967889:RT=1707967889:S=ALNI_MbQSZnZa1H0vMeMx9NFw-2CSy3uZw
.babup.com/	1970-01-21 03:47:43	Name: __gpi Value: UID=00000d58d355ca06:T=1707967889:RT=1707967889:S=ALNI_MZ2o-V2ygmS2gTfD5-5vh0E1_ikjw
.babup.com/	1970-01-20 22:45:19	Name: __eoi Value: ID=80865ea94c088d92:T=1707967889:RT=1707967889:S=AA-AfjZA8F-NgW_QhmyFLcjY52fZ

69 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://certify-js.alexametrics.com/atrk.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://ssl.google-analytics.com/ga.js Message: Failed to load resource: net::ERR_CONNECTION_RESET
javascript	error	URL: https://www.babup.com/file.php?get=r8hevdwag7m0 Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/file.php?get=r8hevdwag7m0 Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e Message: Failed to load resource: net::ERR_QUIC_PROTOCOL_ERROR.QUIC_NETWORK_IDLE_TIMEOUT
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1707967889&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707967888582&bpp=1&bdt=4697&idt=782&shv=r20240213&mjsv=m202402120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=7374792170404&frm=20&pv=1&ga_vid=404958887.1707967889&ga_sid=1707967889&ga_hid=2005448028&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808398%2C42532524%2C95322433%2C95322746%2C95324580%2C95325068%2C31081135%2C95323760%2C95321867%2C95324155%2C95324160%2C95325080&oid=2&pvsid=4481064964568373&tmod=1740997637&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=786 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kLiJFs75RNYImAKdg2ICAgAAAEdgjw4aiq0EEJGFzWX6Z0i7bXrgFEuxAAASAAAKCkFRVUJEd0VCRHc&wp=Zc2FkQAGHZ0I9lmrAATMILfHwVG7wDXTLKxgvA&cbvp=2 Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://static.criteo.net/flash/icon/close_button.svg Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://static.criteo.net/flash/icon/back_button2.svg Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://static.criteo.net/flash/icon/privacy_small.svg Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://static.criteo.net/flash/icon/adchoices_de.svg Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://csm.eu.criteo.net/all?cppv=3&cpp=wL0VkPncOvSH2aGPlfiYeWv-BeXXjSUkSJnKA1T13wQgDdFXLv1vRtlCzEIXiosxL_A4xHEeEzW5CkMupbRKZqssvgaB-WAEeyMCQeiTY3Snal5fO1Uy6I_hiNXHCP_h1bGwDtBUywyu-nqTYcWxL9PnVNbluXZFvGgt18OrV4mXyWb4h-Bd7P0dLtYGpUjfrTNnX-RdwpPJGVebyu6BpE1SaCpOBd5Ut9qieyentr4vPOcwNOiUnSARkzbpAWkPAyC7hg&sds=2&rev=90562.7&sendBeacon=true Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
network	error	URL: https://static.criteo.net/animejs/animejs.js Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2 Message: Failed to load resource: net::ERR_CONNECTION_RESET
network	error	URL: https://static.adsafeprotected.com/main.19.8.483.js Message: Failed to load resource: net::ERR_CONNECTION_CLOSED
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
ajax.googleapis.com
cat.nl3.eu.criteo.com
cdnjs.cloudflare.com
certify-js.alexametrics.com
cm.g.doubleclick.net
connect.facebook.net
csm.eu.criteo.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
imageproxy.eu.criteo.net
images.dmca.com
mts0.google.com
pagead2.googlesyndication.com
region1.google-analytics.com
rtb.fr3.eu.criteo.com
s0.2mdn.net
ssl.google-analytics.com
static.adsafeprotected.com
static.criteo.net
tpc.googlesyndication.com
www.babup.com
www.file-upload.com
www.file-upload.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
cdnjs.cloudflare.com
certify-js.alexametrics.com
csm.eu.criteo.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
rtb.fr3.eu.criteo.com
s0.2mdn.net
ssl.google-analytics.com
static.adsafeprotected.com
static.criteo.net
tpc.googlesyndication.com
www.file-upload.org
www.google.com
www.gstatic.com
104.18.36.155
142.250.181.225
142.250.184.226
142.250.185.136
142.250.185.138
142.250.185.78
142.250.185.98
142.250.186.46
142.250.186.74
157.240.253.1
169.150.247.39
172.217.18.3
178.250.1.15
178.250.1.17
178.250.1.3
178.250.1.6
188.114.96.3
188.114.97.3
216.239.32.36
52.210.186.204
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6
0263ae4f7e587123e23dd226393d624068f51722610bf0cb53c56c7e1e680ede
0312337a82eb1a7fb5f775ad953b4e3b91ebcc539fd781230a3802e9c71cc983
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
06f5cbe3228a4b76a45cc17a2b4c763fd89eddb44a049a92048611abb62b4ea8
0a51b3c32576974ef48aa7c6bc2cd9b881ff3f229c90aa4d7fe9983c4842bbdc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6
2ac33aba7d6b406f038521112681b1d18594f57de9aa372f5d33b9c9d799707d
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
434bb648f37f996a35d2f96abbbe8683f471c1b486e2989665d66a2879a1f2c5
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
610c6fde807be0c94ad1f0617395eee78c343c7aa4da25fd1b70c87fb2fc24eb
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65131cc59c10eafb0f800f607298144b6f68e694fb828569f097f39064f3b4bb
65bfe29f1e223caa5eeee9c168a44cffd3d74b31b69e6001d25e542a64c94044
65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c7b1936670c4129e9f721550413166aef2375f52f9168d13ebe2f42dca590ba
719314f680a79defc6c02a7dbaff63da48911cbf418614226bde044fb02e065d
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
7c59f4f497b9a77b057be49fcb58a817d1f68f66e186f722137018df0d6ef736
7e2ef5a7f1a0b8aa917ffe205e4fced340f49913298e22beeda28ba15561221f
83c2c2e800e5e666e06c5e5c846898634bc001c83ef57502b9a811c24d59b9b0
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8bd60dede8af26a955a783c43219156e6121feac7cef6497ed9901fde83ab733
8f5fc07d0d1a57905b7d89a057b1adc08ae8cebf14aab03b09370f7b952598fd
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
9adfefea1ba33ec744296bd3226c183864a5d3a1f142129b590a33f88f4acafe
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
a161bf9a454764472aeceee6e6fd4de8b39a9ee09c165d7d764eef6a4d27ec90
a32c5a912daeea804641f60918eeefaaecccc63227a6d6887fbd1f43bb8024a6
a4ecbef4fa49d00155762a2981dd627720b02632872631910c1f7b2fea8829a3
a6ee58f60c407b083623fdc4586ae66d10f4586920a825a74e26762bc262eefd
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
acdeb517efdd0b9cce99ab0e309850b1eced17dc4af8e605e89f11e4b375ae0f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b95910f3b80776acda21a1937f5634d983294c4859d5fa789286ad2dfe67827f
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
c315c0592e1929436d79804eb58e709339c72e49ad30906d6393a49a542ca99e
cb36301797a7da276450ba47cb1bbea88abb2e116d707d2bcf8e1dfe6f90a047
cc1eb1ad3abbf4b1c82a499f652f6e1754681fe5dfbeeec1a612869d22b4db5d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
dbce81774e43c585243fa5f01bb8ad3603759e627ace5a638a13a4b1597f2201
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef464178c7e1d29335b1edd15ed4273210b3dea43f9fa646d9846d726b71b43d
f667fc9f6632dbf8d0e796d57808346f4debf157db51473e39286e028832d42f
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

www.babup.com Open in urlscan Pro 188.114.96.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

154 Requests

60 %HTTPS

0 %IPv6

19 Domains

32 Subdomains

21 IPs

6 Countries

1923 kBTransfer

5482 kBSize

13 Cookies

31 Outgoing links

Page URL History

Redirected requests

154 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

www.babup.com Open in urlscan Pro
188.114.96.3 Public Scan

Screenshot
Live screenshot

Full Image

154
Requests

60 %
HTTPS

0 %
IPv6

19
Domains

32
Subdomains

21
IPs

6
Countries

1923 kB
Transfer

5482 kB
Size

13
Cookies

154 HTTP transactions
6 data transactions