www.babup.com Open in urlscan Pro
51.15.15.22 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.file-upload.com/3sne9qdhtxht
Effective URL:
https://www.babup.com/file.php?get=3sne9qdhtxht
Submission: On October 05 via manual (October 5th 2023, 5:10:49 am UTC) from DE — Scanned from CH

Summary HTTP 257 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 35 IPs in 5 countries across 25 domains to perform 257 HTTP transactions. The main IP is 51.15.15.22, located in France and belongs to Online SAS, FR. The main domain is www.babup.com.
TLS certificate: Issued by R3 on August 21st 2023. Valid for: 3 months.

This is the only time www.babup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7 7	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	51.15.15.22 51.15.15.22	12876 (Online SAS) (Online SAS)
53	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
3	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
1	142.250.181.232 142.250.181.232	15169 (GOOGLE) (GOOGLE)
1	142.250.185.138 142.250.185.138	15169 (GOOGLE) (GOOGLE)
1	169.150.247.39 169.150.247.39	60068 (CDN77 ^_^) (CDN77 ^_^)
3 20	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	216.239.32.178 216.239.32.178	15169 (GOOGLE) (GOOGLE)
1	216.239.32.36 216.239.32.36	15169 (GOOGLE) (GOOGLE)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
41	142.250.185.193 142.250.185.193	15169 (GOOGLE) (GOOGLE)
12	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
6	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
1	142.250.186.174 142.250.186.174	15169 (GOOGLE) (GOOGLE)
14	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
5	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
10	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	143.204.215.67 143.204.215.67	16509 (AMAZON-02) (AMAZON-02)
1	107.178.244.119 107.178.244.119	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	172.217.16.198 172.217.16.198	15169 (GOOGLE) (GOOGLE)
8	2.16.238.14 2.16.238.14	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6 10	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2 4	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 2	104.102.35.84 104.102.35.84	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.22.91.189 52.22.91.189	14618 (AMAZON-AES) (AMAZON-AES)
20	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
4	130.211.44.5 130.211.44.5	15169 (GOOGLE) (GOOGLE)
1	142.250.185.164 142.250.185.164	() ()
6	52.222.214.123 52.222.214.123	() ()
257	35

7 188.114.97.3 (Amsterdam, Netherlands) 7 redirects

ASN13335 (CLOUDFLARENET, US)

www.file-upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

www.file-upload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.15.15.22 (France)

ASN12876 (Online SAS, FR)
PTR: server.babup.com

www.babup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

53 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f8.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.150.247.39 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: 169-150-247-39.bunnyinfra.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.181.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.32.178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 142.250.185.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net

mts0.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-67.fra53.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.244.119 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 119.244.178.107.bc.googleusercontent.com

beacon.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f198.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.238.14 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-238-14.deploy.static.akamaitechnologies.com

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.162 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.26.193 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.53 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.35.84 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-84.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.22.91.189 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-91-189.compute-1.amazonaws.com

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 130.211.44.5 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 5.44.211.130.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.164 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.222.214.123 (None, )

ASN- ()

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
94	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 122 tpc.googlesyndication.com — Cisco Umbrella Rank: 169	844 KB
37	doubleclick.net 10 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 ad.doubleclick.net — Cisco Umbrella Rank: 180 cm.g.doubleclick.net — Cisco Umbrella Rank: 329 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 433	325 KB
22	file-upload.org www.file-upload.org — Cisco Umbrella Rank: 775705	548 KB
20	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 408	463 KB
16	google.com mts0.google.com — Cisco Umbrella Rank: 6671 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1673 www.google.com	116 KB
12	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 676 rtb0.doubleverify.com — Cisco Umbrella Rank: 1113 tps.doubleverify.com — Cisco Umbrella Rank: 722	252 KB
12	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	536 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	158 KB
7	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1368 www.googleadservices.com — Cisco Umbrella Rank: 178	603 B
7	file-upload.com 7 redirects www.file-upload.com	3 KB
6	trustarc.com choices.trustarc.com	19 KB
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 720 fonts.googleapis.com — Cisco Umbrella Rank: 113	33 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1026	3 KB
4	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 668 www.google-analytics.com — Cisco Umbrella Rank: 96 region1.google-analytics.com — Cisco Umbrella Rank: 1878	38 KB
3	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 863	851 B
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 360	2 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 229	176 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 2022	513 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	147 KB
2	babup.com www.babup.com	9 KB
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 2071	175 B
1	sojern.com beacon.sojern.com — Cisco Umbrella Rank: 7399	220 B
1	truste.com choices.truste.com — Cisco Umbrella Rank: 1356	10 KB
1	dmca.com images.dmca.com — Cisco Umbrella Rank: 12920 Failed	5 KB
0	alexametrics.com Failed certify-js.alexametrics.com Failed
257	25

	Domain	Requested by
53	pagead2.googlesyndication.com	www.babup.com pagead2.googlesyndication.com www.file-upload.org googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com ad.doubleclick.net
41	tpc.googlesyndication.com	googleads.g.doubleclick.net www.file-upload.org tpc.googlesyndication.com ad.doubleclick.net pagead2.googlesyndication.com
22	www.file-upload.org	www.file-upload.org www.babup.com
20	s0.2mdn.net	www.file-upload.org googleads.g.doubleclick.net ad.doubleclick.net s0.2mdn.net
20	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com www.file-upload.org
14	fundingchoicesmessages.google.com	pagead2.googlesyndication.com www.babup.com
12	www.googletagservices.com	googleads.g.doubleclick.net www.file-upload.org cdn.doubleverify.com www.googletagservices.com ad.doubleclick.net
10	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
8	cdn.doubleverify.com	www.file-upload.org cdn.doubleverify.com
7	www.file-upload.com	7 redirects
6	choices.trustarc.com	choices.truste.com choices.trustarc.com
6	www.googleadservices.com	googleads.g.doubleclick.net www.babup.com
6	www.gstatic.com	googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
4	googleads4.g.doubleclick.net	www.file-upload.org ad.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	ad.doubleclick.net	1 redirects googleads.g.doubleclick.net www.googletagservices.com
3	connect.facebook.net	www.babup.com connect.facebook.net
2	tps.doubleverify.com	cdn.doubleverify.com
2	rtb0.doubleverify.com	cdn.doubleverify.com
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.babup.com www.googletagmanager.com
2	www.babup.com	www.file-upload.org www.babup.com
1	www.google.com	tpc.googlesyndication.com
1	partners.tremorhub.com	googleads.g.doubleclick.net
1	beacon.sojern.com	www.file-upload.org
1	choices.truste.com	www.file-upload.org
1	mts0.google.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	ajax.googleapis.com	www.babup.com
1	ssl.google-analytics.com	www.babup.com
1	images.dmca.com	www.file-upload.org www.babup.com
0	certify-js.alexametrics.com Failed	www.babup.com
257	38

This site contains links to these domains. Also see Links.

Domain
www.file-upload.com
www.facebook.com
www.instagram.com
www.youtube.com
file-upload.com
www.file-up.org
www.dmca.com
safeweb.norton.com

Subject Issuer	Validity	Valid
file-upload.org E1	`2023-09-25` - `2023-12-24`	3 months	crt.sh
www.babup.com R3	`2023-08-21` - `2023-11-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-14` - `2023-10-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
images.dmca.com R3	`2023-09-12` - `2023-12-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.truste.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-16`	a year	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-17` - `2024-02-17`	a year	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2022-09-28` - `2023-10-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.trustarc.com Amazon RSA 2048 M02	`2023-04-17` - `2024-05-14`	a year	crt.sh

This page contains 36 frames:

Primary Page: https://www.babup.com/file.php?get=3sne9qdhtxht
Frame ID: 14E0040BC41C567E5439C8220ED36099
Requests: 62 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/zrt_lookup.html
Frame ID: BDDFD49A7CDE5D3854916140E00EBE40
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1696475442&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641841&bpp=6&bdt=619&idt=953&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4223582011529&frm=20&pv=2&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=999
Frame ID: B70A84F525973923E3894F6EEFB866CE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011
Frame ID: 1A87E791E500191284CF82922B28CDD8
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608
Frame ID: 1B0DDDC6B1429D8AB7AC5C157CBB74D8
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642281&bpp=1&bdt=1060&idt=614&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=tkUw9xstfq&p=https%3A//www.babup.com&dtd=619
Frame ID: 6A3118473EE6C0E48978C3ED48660CEB
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1696475444&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482644102&bpp=1&bdt=2881&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1cf1bb5c0cc8488e%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbZ9YdfSvrUK-QGNPYTDKprk1N0PA&gpic=UID%3D00000c8e20a4f5cc%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbdYgCTauQM4RYNqcSUxY7LeBpUwg&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280&nras=2&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&psts=AOrYGsmLvOF7owMrvd_8adUPHCdymUnY97DHLQiWVI5se4TC_li78wCr9Q0iIuS4fz0enV4FRIaQew82Q0WmUNG5jwY801yV%2CAOrYGsnhFhDuDHXg9Sg5CZBUmDevlu_FOLd8v5YlNni82ABw1Evlxt-wXYs-hXlHl6OYP0LnVvPzQOTb8HU0UqhGmT-okQ%2CAOrYGsnOaPbmoit8DIfyuoQjf-QIadFe5Saq_RC-sIZ-YUPfvk1IOFPfnoDMj8P4FDWoBZazCJouBTxAXFuffHUZ7SAGLly5&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=Bk6bl8ZRxj&p=https%3A//www.babup.com&dtd=224
Frame ID: 6A44D8E0E63DEEC77D5EE6CF511A5A48
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1696475444&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482644102&bpp=1&bdt=2881&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1cf1bb5c0cc8488e%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbZ9YdfSvrUK-QGNPYTDKprk1N0PA&gpic=UID%3D00000c8e20a4f5cc%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbdYgCTauQM4RYNqcSUxY7LeBpUwg&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280%2C1110x90&nras=3&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&psts=AOrYGsmLvOF7owMrvd_8adUPHCdymUnY97DHLQiWVI5se4TC_li78wCr9Q0iIuS4fz0enV4FRIaQew82Q0WmUNG5jwY801yV%2CAOrYGsnhFhDuDHXg9Sg5CZBUmDevlu_FOLd8v5YlNni82ABw1Evlxt-wXYs-hXlHl6OYP0LnVvPzQOTb8HU0UqhGmT-okQ%2CAOrYGsnOaPbmoit8DIfyuoQjf-QIadFe5Saq_RC-sIZ-YUPfvk1IOFPfnoDMj8P4FDWoBZazCJouBTxAXFuffHUZ7SAGLly5&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=RowHjILB7r&p=https%3A//www.babup.com&dtd=228
Frame ID: B89D9F9DD3C4256393CB85FD1F849541
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 40107ECEF10F27CE249D51DA31777EFF
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 09B283546639F723AAC10E164751830A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 836784DB84191E6F17956D09C625958B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 7C0E63A92867FA32F4274A258EB9EEBE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXBZUcqP40Vd1fmkpfZpZSPl3F5jJ4xee5EsC4qHvl5yfo1t60MVYrvuUPmFyA6VHHkw6zXhEBL_5TPZhTwtmflTGKjNQ
Frame ID: 34B754A532B03A77EA11A396A80BFF1D
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 9AC93975D065CD7A90CFF73976744905
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-9uFvQEwAQ&v=APEucNVAVZZ7etIwaVJdyN8YVlgnupKT7HMeyynMV6rvLkXpkgKaWGrkjsL6UbVFvrA6eo9W_eE_h6pNGtqXSFNElntVge5D4g
Frame ID: BE2594A9FE78FC447A7BBDB67110B155
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 7CD4CD97B537AE8A0CDD251308BA8927
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY_OOEvQEwAQ&v=APEucNWsEidHr9o4JmzZtn_6b6atIODuhBlZmU9GCmigGoHLLcyiweHP_lGYztgr0nEPBN4YsOTk6FtUQ4X1fTP5s6H6WkphCA
Frame ID: EB0C29915DC06A0D7E0D36942882703F
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: A046A6F52773EDF450035EC244010CCD
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js
Frame ID: 536AA89A11EF87347814D95ADC8DCDC4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js
Frame ID: 3364D4CF88B2C6A293402C3E242D51B7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js
Frame ID: F066A32339AA7C05DCF4E2FED93CB50F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js
Frame ID: 94851D2CF79CA28DF5D3E5CED1B5208B
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js
Frame ID: E5F432C492C06DCB9EDDAAE6B10D35FC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 730311C6335A6CD745BBFE153C3A8A6B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 25F8BF88797758DBA53F070FCC55F0C8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4997DCEF7B4DF7013FF31681EC9BD6F6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 0E94C15C520E2E3C43F46A27C9FC5D53
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements4796.js
Frame ID: EA1A2B9DF201BFDEFE25C8C8F7A59AC9
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements4796.js
Frame ID: 6D4EAA49BA1A7A07804323B62EFE6E0E
Requests: 2 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=97.287;dc_eid=40004001;sz=160x600;u_sd=1;gdpr=0;dc_adk=4102376853;ord=x71hlt;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=2,https%3A%2F%2Fwww.babup.com%2F$0;xdt=1;crlt=R'W5YaF5dD;cmpl=8;gcsr=a;stc=1;chaa=1;sttr=386;prcl=s
Frame ID: AC767CEF6D3DF12092740EE9F42DD2DB
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
Frame ID: E48A0E444E6A0C189C9475C1E4084DF9
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 04F49FFC415642CC8BBB3DE231963738
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js
Frame ID: 0DDDE1912950A1553A97AA43FC29C038
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 281A48C01CBA27CC76116DD46863CD91
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 49A989C65D0E447246E15A6E88AA5C66
Requests: 2 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: A175F92CB064377A7A21C166461F2137
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

https://www.file-upload.com/3sne9qdhtxht HTTP 301
https://www.file-upload.org/3sne9qdhtxht Page URL
https://www.babup.com/file.php?get=3sne9qdhtxht Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

257
Requests

91 %
HTTPS

0 %
IPv6

25
Domains

38
Subdomains

35
IPs

5
Countries

3679 kB
Transfer

9518 kB
Size

17
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.file-upload.com/?op=payment_proof
Title: Proof of Payments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fileuploadcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/file_upload/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSbk9gxKeQnawO7cZ0hZPJQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/make-money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=register
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=forgot_pass
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/desktop.html
Title: Desktop Uploader

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=english
Title: English

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=arabic
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=payments
Title: Premium Download

Search URL Search Domain Scan URL

URL: https://file-upload.com/3sne9qdhtxht
Title: Free Download

Search URL Search Domain Scan URL

URL: https://www.file-up.org/?op=register
Title: Sign up now

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/child-exploitation.html
Title: Child Abuse Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/copyright.html
Title: Copyright Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/adv.html
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/dmca.html
Title: DMCA

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/reseller.html
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/refund.html
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/banners.html
Title: Banners

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=ff6622a1-89c3-492e-8fab-02994910b766&refurl=https://www.file-upload.com/vsd4gox6iv4l

Search URL Search Domain Scan URL

URL: https://safeweb.norton.com/report/show?url=www.file-upload.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.file-upload.com/3sne9qdhtxht HTTP 301
https://www.file-upload.org/3sne9qdhtxht Page URL
https://www.babup.com/file.php?get=3sne9qdhtxht Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.file-upload.com/3sne9qdhtxht HTTP 301
https://www.file-upload.org/3sne9qdhtxht

Request Chain 16

https://www.file-upload.com/mngez/css/app.css?v=1 HTTP 301
https://www.file-upload.org/mngez/css/app.css?v=1

Request Chain 21

https://www.file-upload.com/mngez/js/app.js?v=20 HTTP 301
https://www.file-upload.org/mngez/js/app.js?v=20

Request Chain 22

https://www.file-upload.com/assets/images/logo_new.png HTTP 301
https://www.file-upload.org/assets/images/logo_new.png

Request Chain 24

https://www.file-upload.com/mngez/images/anti1.png HTTP 301
https://www.file-upload.org/mngez/images/anti1.png

Request Chain 25

https://www.file-upload.com/mngez/images/anti2.png HTTP 301
https://www.file-upload.org/mngez/images/anti2.png

Request Chain 27

https://www.file-upload.com/assets/images/norton.png HTTP 301
https://www.file-upload.org/assets/images/norton.png

Request Chain 81

https://googleads.g.doubleclick.net/pagead/adview?ai=CT8R6UkUeZff5OtC378EPvcyb8A_3r86kc--F6575EYiU-IezAhABIIK6uHxg9b3BgbAEoAGjkNuoAcgBCakCFTFRdjxXsj6oAwHIA8sEqgTHAU_QCXI38ttkdTn3Ppywhci_oA2mjE5tATRiWws0W5mDIh_-siQdYQpED_kxX9ccGskrNx7fkfH5MWBKFQm9RZIlvw3GTgamaYWdEhkgL5w3kO88q3DxcXjkC5I5rLYvPLJsUx4PDFGgc6NNFzvEK0wtjzIXVaxX-M73GbwqvxrqneveJjC60zTgwxg8qzg5CbJPod_WCjXVJc0uHNpE_7x8dGYL3gwsuQ6JHvwAP-yLz5R9ilMFBeIElkuc2iFeBb4kOsGI433ABNqx9KzCBIgFl72m4UqSBQQIBBgBkgUECAUYBKAGLoAHoJGTfKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEMqfBNIIFAiAYRABGB8yAooCOgKAQEi9_cE6mglCaHR0cHM6Ly93d3cuZGVjYXRobG9uLmNoL2RlL3N0b3JlLXZpZXcvZmlsaWFsZS1zdGFucy0wMDcwMjg4NzAyODg3gAoByAsBmAyJo6TeyQTaDBEKCxCQuuPXrrKKkLEBEgIBA7gTgwTYEw7QFQGYFgGAFwGyFxwKGggAEhRwdWItOTE3NjUyMTg5ODM0MTkwORgA&sigh=qXIqdWtBRG4&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNrqQf0UY_Cv2fB2SP1FvEJT4WXJcZuoQGVrHtbgmbTCGHah7ySARdYUzd0c_PZtAkzqx7Ns55AuNfLsx35xMnPV3b_lt_3RgB&template_id=515&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdc5d3ed2b1aefba70000000000000000%22,%222%22:%220xd858560de16d309a0000000000000000%22,%223%22:%220xc6e8cb9f304467690000000000000000%22,%224%22:%220x90a45e0c79cacd2f0000000000000000%22,%225%22:%220x14886477858f27a60000000000000000%22},%22debug_key%22:%2216083177178416915308%22,%22debug_reporting%22:true,%22destination%22:%22https://decathlon.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22353814563%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210355299998374590593%22}&andc=true

Request Chain 99

https://googleads.g.doubleclick.net/pagead/adview?ai=Cck8kUkUeZa-4N7Sy78EP2rCQqAPymdKpYOu0z4XkDL3v2r_NARABIIK6uHxg9b3BgbAEoAH3ncOSAsgBCakCE9TeMTugsT6oAwHIA8sEqgTAAU_QY9_Uhl8SoW7M0JXPqrgIXG5Rwib6lGvYIJeCzBOfk4cN6eXl4_Pm_5pBguRtYFneGsumPs6okXz1Ieh7eWQmOsln6UncWEKV-XMv-Gfwd99UN0vQ5mi1GMsz5M9cRq0PK5i9tfxOflkU_kWxoMqPk8RK9yNxvG-0vnCWGhwf3f76nAcML6bBCX35DOF_bfy26hsQL-KSzChDnulg1Yslr-PS-UmlWvgSy6Cm4RA3w0Inwk0pPRhrKR_3S7wTjcAElMbys8cDiAWnypHPK6AGLoAH8eG87QGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDi1BbSCBQIgGEQARgfMgKKAjoCgEBIvf3BOpoJG2h0dHBzOi8vd3d3LnRpcm9sZWQuY29tL2NoL4AKAcgLAdoMEQoLEODB7qSk08X-rwESAgEDuBPkA9gTA9AVAYAXAbIXHAoaCAASFHB1Yi05MTc2NTIxODk4MzQxOTA5GAA&sigh=lOS2GR26z8o&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTADICaaN2mQF1CgkkQ0PzhKqAAi4xmCvsvYacIOAsZREvpBuoEzJO3uq3lp1ISaZijSk_xg3tNfby0_vEQeosYecy2V7-wKv2JIU0_UYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x10ae8d57c83817040000000000000000%22,%222%22:%220xb8494541dcb0f1800000000000000000%22,%223%22:%220xe4ddcbd5755ec2360000000000000000%22,%224%22:%220xc723957da7f298b10000000000000000%22,%225%22:%220xfd057a3ac4395e8c0000000000000000%22},%22debug_key%22:%22574464889013032341%22,%22debug_reporting%22:true,%22destination%22:%22https://tiroled.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22575721207%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224478874489207784321%22}&andc=true

Request Chain 100

https://googleads.g.doubleclick.net/pagead/adview?ai=CjWuQUkUeZYaBOr2a78EPk9GE0AfymdKpYOu0z4XkDL3v2r_NARABIIK6uHxg9b3BgbAEoAH3ncOSAsgBCakCE9TeMTugsT6oAwHIA8sEqgTAAU_QrXzChMDb42k8dGe-SFs1WqUkTFXlXKb7D4PqV6LRwVt9Qulo7qL5dsF02RE3zu_rCz8N6NI3C6kpdDAa1ArVKJxeKlQK9PT7e_7nomWD8e6tlNC35dEn3nYF9-weBz6fY_EJM4z3w4BBu_oosvdDrtCN3UK22niZfZxYEkgPF-d5r1-hFS5goK3mJpHByA1-ZNWx_kfFc4eKccisEx_K2tDdlvmWA91C_iaF3slUrk4zNSu931YrM9MsyHMnbsAElMbys8cDiAWnypHPK6AGLoAH8eG87QGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDY5AbSCBQIgGEQARgfMgKKAjoCgEBIvf3BOpoJG2h0dHBzOi8vd3d3LnRpcm9sZWQuY29tL2NoL4AKAcgLAdoMEAoKEICAi6fkg8bHahICAQO4E-QD2BMD0BUBgBcBshccChoIABIUcHViLTkxNzY1MjE4OTgzNDE5MDkYAA&sigh=3HU6kPVswAc&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaN8rciQHmJak4_Fc53VKjqS7poXY5_JKNtNRg7ztkQR-LhgXcDPgegcaBHBBwNYxvJQpAw73j2DjXenaiFjSb0vBfk_YKcHxgB&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x10ae8d57c83817040000000000000000%22,%222%22:%220xb8494541dcb0f1800000000000000000%22,%223%22:%220xe4ddcbd5755ec2360000000000000000%22,%224%22:%220xc723957da7f298b10000000000000000%22,%225%22:%220xfd057a3ac4395e8c0000000000000000%22},%22debug_key%22:%2213182733908138397046%22,%22debug_reporting%22:true,%22destination%22:%22https://tiroled.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22575721207%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229255316078686163825%22}&andc=true

Request Chain 105

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696482642889529;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=COacnKuS3oEDFdSQ_QcdqFECBg;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696482642889529;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1

Request Chain 133

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1

Request Chain 134

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR5FVFgzrViBJLiJpBVnMQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1

Request Chain 144

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELFi9YrnDc5ZEsgD4EuaTKg&google_cver=1

Request Chain 145

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcwODI4NTYyODMzNjQzMTcwOA%3D%3D

Request Chain 146

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELOnYiaqYy2MvNs6UfEBSJI&google_cver=1

Request Chain 147

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGQ5NGJkNjktODY3Yy0yNWI1LWZkNDktMmM2ZmQ3NzM3Mzgz

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESENn58ZVMh8VDV0Pkbe-t2n8&google_cver=1

Request Chain 149

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MmMwYjA3NGQtMTBlYi00NjFiLTgzNzgtMmIyNzdiMjE0OGVj

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEIKvimsmBUoTITq8Ndu68NQ&google_cver=1

257 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

3sne9qdhtxht Show response
www.file-upload.org/
Redirect Chain

https://www.file-upload.com/3sne9qdhtxht
https://www.file-upload.org/3sne9qdhtxht

27 KB
7 KB

570ms
103ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84dc56217d9e1adc27e1e5b4e0ed81c4897ac808f2729ffd6a902b93d5fbe788

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811328d80c3e0e1d-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 05:10:40 GMT
expires: Wed, 04 Oct 2023 05:10:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NVr%2Fu78X7A%2BYa1uRR4JYgIeMGpF1s76yJzKFrbr6CI0c8WrE9wPpv%2F5M4ErcBgi%2B5g5iYIewDm2fEiMqRckImHZvj7yAEStqPlQ5jg%2FQGjqFi69rZXIyMpZvASVEQZtSp1WyiYWd"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811328d4bd09baca-MXP
content-type: text/html
date: Thu, 05 Oct 2023 05:10:40 GMT
location: https://www.file-upload.org/3sne9qdhtxht
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yqKbXj366d6%2By%2BcPK56l1C5m0FJ4LsRyoeITYoHADRjS08xeegS9EYneCeSnP7AvF9vlsaMaICKwVUowxMQLZuTKga87bykCiaPKqdTkMgjz6MDfr9LGhsXpjPj%2F7kZryYV2DriY"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 97ms
95ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:40 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 538325
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pLmcO7W9owjD57E7qlBJydR2qfj9wsrXqb%2BtuFZvwK3%2FpQSS7Rhz3%2FLgbQSTapQdwRM8mgzUyWM9mcHp2tv20vlrZeXah3FH9VwPVVw%2FxFpx2vphLyqDA6U%2FF7BghOt3l5nXiljm"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 811328d90cba0e1d-MXP
expires: Fri, 29 Sep 2023 23:38:35 GMT

GET
H2 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 154ms
153ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:40 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SEDBmXpZErF8nIDaTQ3dGN4LvIB6gS4JevM0txuQc%2BBTWy4O5z%2F%2Fa8XNtPJ7znadQKdThOeh98TTN4km%2BRlTAV%2FNxIv%2Biwiuffi4ZkmvJrmwJFzITRml8UnsRn3b4gT6zPnSDZGo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 811328d90cbb0e1d-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 44ms
44ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5922396
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qk9qqXd8dnXp9WtpYwgxXSrL%2FIPkURVJ4gtdBgy967jH7E0F4IXkXlvfGh%2BRbCS4sbhcVk1DOGZBqesTZhLRnzmhtHqMxx5P54Ad4pjtKMC6jB1AnoyWQvMplfVW0j%2Fx4OMQF4Gq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328d9cd830e1d-MXP
expires: Fri, 04 Aug 2023 16:04:04 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1014 B 49ms
49ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 29 Sep 2023 17:15:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65170615-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHq5MJPKhaK5BhwUIt7AjoWWHwRqiPnp2aWDoaGM7msFJPEWCiB%2BdVETUWAqIqUQIZH1MB4EGrCvhZPvSX8VbfQpGui%2F4GOqiDxwcDkDqfoW9kBaZxiBgoNkDvc4q2D4LaJR6qaC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 811328d97d2e0e1d-MXP
expires: Sat, 07 Oct 2023 05:10:40 GMT

GET
H2 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 102ms
102ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 349
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGcAfBMOaYC2f%2B0OYN6aREC74LDtG7ntfipnJXSx1qQWxwcoe2GkghP6CSgh53kWgGmbTke4dNdYz4re1np%2Fr9hlsqb6xaoMaDKZTeuWC0TSdkiBL38UgMzTdSND7eb%2FEr8k4MYB"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328d9ed910e1d-MXP
expires: Thu, 12 Oct 2023 05:04:51 GMT

GET
H2 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
963 B 97ms
96ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5919195
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BIQAzqBPmdMfZFpnlklhFY8TyY2nFwf9O6MXpRchasg8pe66ROLa%2BwhWIQ8HceGKr4zRj6xFucs2UuHHIxQfB6pH9JLD4j53VUhAbLYK3JBdhbQwTNLvtdY1NwmOjf4fjWThNJGY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328da6ddd0e1d-MXP
expires: Fri, 04 Aug 2023 16:57:26 GMT

GET _dmca_premi_badge_4.png
images.dmca.com/Badges/ 0
0

GET
H2 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 84ms
84ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 350
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oITofZ0rfSoQAfnaofnJG0iQblKOEU7qD5%2BQ5cacxk36fyE6wFl%2F9d0WI2t2UCMBPXALmTx6ZHUwjjTpeJQ6L%2FsbEp3uP92EqlkK32%2BudULUSG6jTa%2FX1dcE%2BuLR3GnYZTSrERbR"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328da6dde0e1d-MXP
expires: Thu, 12 Oct 2023 05:04:51 GMT

GET
H/1.1 200
OK Primary Request file.php Show response
www.babup.com/ 23 KB
7 KB 241ms
93ms Document
text/html 51.15.15.22
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/file.php?get=3sne9qdhtxht
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.15.15.22 , France, ASN12876 (Online SAS, FR),
Reverse DNS: server.babup.com
Software: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips / PHP/7.2.34
Resource Hash: 85c702fc555543b0492919d28a6c4f078573788adf94cdab95da2438871566d3

Request headers

Referer: https://www.file-upload.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 6845
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 Oct 2023 05:10:41 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/7.2.34

GET
H2 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 81ms
80ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5919193
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iv5HagaZZOJczaZGi3GenCNKOS3ogdMCkGjC%2BS%2FgsKviDkbhBYnEO85kjFEnAn9cOVHrt5a41ksnvRCfw17MXUbKZc%2FoPPzlCx8c05ZGOzV6V34mu7K8UQVHlBhG6sTJ0PxX4IBZ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328da6de00e1d-MXP
expires: Fri, 04 Aug 2023 16:57:28 GMT

GET
H2 200 fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 75 KB
76 KB 90ms
89ms Font
font/woff2 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 103
etag: "12d68-5fe4d56c8e4d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSEMFiMvkdskTySYuzBHcz%2BetlXciFvI2pGu%2FbNKFGrUdG1mTyX%2ByKske3mQz9TkXe4mEMb9upsntdrHkVnv5LzbVyJo9r1a2uC%2FU2JaMudw8%2B0yrculYo84awu%2BAqKRgCKaXVU9"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 811328da6de10e1d-MXP
alt-svc: h3=":443"; ma=86400
content-length: 77160

GET
H2 200 poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 81ms
81ms Font
font/woff2 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 102
etag: "1ee0-5fe4d56c8f861"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gmnMBycUEbPh91wieNPKEDpm1Wxg0epctFQcjONrilqH%2FPfv%2FZwqQ25M8E6ReJANhtHQ4YQ99EOpo86fNihbZnkuuIo655PzcbBqBvUaypyukcfa4CtlQsYg%2F%2FBN4sG3guZ%2BlFwZ"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 811328da6de40e1d-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7904

GET
H2 200 poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 79ms
79ms Font
font/woff2 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3303
etag: "1ecc-5fe4d56c90801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4wtpIpJEJNELoldRszlXycLGX0yci5Edwr85Fsc3itWCUjswJjUWwtVWxxCDZZPfpkX9vfHhL119eoDI0JLoXmHFI33U033rvokjqV7cYiGbJxK0mA5z740HJosuePqOv9%2Ba7Or"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 811328da6de60e1d-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7884

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
50 KB 571ms
101ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

18582475d1d53d95f2fb85b46602a4da2f25b0d7e0dbc0adea24d3ea52a2b87f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50947
x-xss-protection: 0
server: cafe
etag: 5764908442716672721
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:41 GMT

GET
H/1.1 200
OK blockadblock.js Show response
www.babup.com/ 7 KB
2 KB 59ms
59ms Script
application/javascript 51.15.15.22
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/blockadblock.js
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.15.15.22 , France, ASN12876 (Online SAS, FR),
Reverse DNS: server.babup.com
Software: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips /
Resource Hash: 7a9cfefbe46e47d6971a5d4487a2ee0e9812cba5f76668be71ac25ab8d88d6ee

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/file.php?get=3sne9qdhtxht
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:41 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Aug 2023 10:11:48 GMT
Server: Apache/2.4.54 (Unix) OpenSSL/1.0.2o-fips
ETag: "1b23-6038039110a59-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1948

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 185 KB
68 KB 509ms
74ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d84ba387a4abb3a01a82a7b82c54c889963bf4aefee9cad1f8cf0fe68ebdcd8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68987
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Oct 2023 05:10:42 GMT

GET
H2

200

app.css
www.file-upload.org/mngez/css/
Redirect Chain

https://www.file-upload.com/mngez/css/app.css?v=1
https://www.file-upload.org/mngez/css/app.css?v=1

247 KB
41 KB

53ms
53ms

Stylesheet
text/css

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 538326
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gGAUU20wSDcELVmgRpwTa65mvL%2FSpXHhnOypRcn%2BGnFv9Dw%2FJmlLREdEZE5%2BUw5ojyyhcFru7Qo5ww8MnHW1eWNGa0nIeBUAsKWc%2B%2FCIRa4KOZ45DYa7Czm89H2NC9i3Kvu%2FOFRg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 811328dc6f2c0e1d-MXP
expires: Fri, 29 Sep 2023 23:38:35 GMT

Redirect headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WeKFNrSe4K1lDhmT%2F1YLPbUX1IM4CLCsp7L6QYn2b9ThazqLciZWjA5o31XPvir5WbRZzg92pmgEkXabredUSTAUhxYRAyMFdYmX2LqhsJSTa32zbSnbXJSBIlnAQfmQclVi%2F5xg"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/css/app.css?v=1
cache-control: max-age=31536000
cf-ray: 811328dbba12baca-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 304 KB
86 KB 810ms
93ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

f8f4a12f18b5f1abdb1688d4a75e3b8487b01e7fad0ecc3da3198f8d6d41ec39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 05:10:42 GMT
content-md5: +HXjJWTbuiiD405amsuprQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88122
x-fb-debug: 7NqnkCoWiu3eJgSQdBSUdnNQJO+3EIDZOovcOJXtZ+Em41Cr/r7cBLBew0spn5AS2RJC7qz4YYFwP8HHkfO4WQ==
x-fb-content-md5: 0dae3404b7ca02e4420e92785df79988
cross-origin-opener-policy: same-origin-allow-popups
etag: "c6c7df2342a7f193535cd4de2f0b6dfb"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 03 Oct 2024 18:20:30 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 505ms
44ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

787047a06f5e8e86af10939b5cba53c0d78a5c4189a70c0bad5724d07be0190e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 05:10:41 GMT
content-md5: LxJcAIm9KTXetFJmqjNtjw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-debug: FPcYksCZ96G+3LsX2lhL2ANeXLVx+kqpyTDNQZCLXZlCVEAVbSJjCg6hy7vGnrDXt3uMaWUVQiOKiCEjbw+6cA==
x-fb-content-md5: d816fe089b51b65ee07a9bee5e0e5029
cross-origin-opener-policy: same-origin-allow-popups
etag: "339333d058697a181e1d08cba6446ce7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:25:08 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 489ms
57ms Script
text/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 03:19:59 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6643
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Thu, 05 Oct 2023 05:19:59 GMT

GET atrk.js
certify-js.alexametrics.com/ 0
0

GET
H2

200

app.js Show response
www.file-upload.org/mngez/js/
Redirect Chain

https://www.file-upload.com/mngez/js/app.js?v=20
https://www.file-upload.org/mngez/js/app.js?v=20

235 KB
80 KB

106ms
105ms

Script
application/javascript

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hA6jG3G8sknJ5ffJfoM8NZYLXX06qEuXgxIXtcx4Wus9nqJimiILy9mKpIR0qojiZnJArIZbXYuUAD8tQ3%2FF4vrWFLqQ%2FqW%2FJlS2T7gYGpND1JPVc4vkpQATbPXyAsQdnLqgFjFR"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 811328dc6f2d0e1d-MXP
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11%2BpbX2PduzXql7WJ4G5HfEMw2jsQlUVS63EGNiFsFkP0eQ4QfQPp4laEg3Rc5pV6cyIc4LW%2BEKfCa9aTD9QaolG3LP3zUHDwraZG7X2ADfEmlcMvo1Kbl6f17JTH5rfTS5yxYAa"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/js/app.js?v=20
cache-control: max-age=31536000
cf-ray: 811328dbba13baca-MXP
alt-svc: h3=":443"; ma=86400

GET
H2

200

logo_new.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/logo_new.png
https://www.file-upload.org/assets/images/logo_new.png

3 KB
3 KB

47ms
46ms

Image
image/png

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5922397
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEmKqUAIH3vNvcm5VqrxcnAOwqMNXbEJRMweU6CcFaDgqKBdM7IXnuO6x4VzlL9G3IHWbKgQnrja%2FGJ5su2qtWBXBJy6p6hv3CIF3%2FnFqx1M8qBkuWM7PPpoc%2BsAg%2BjtyDAK7g8h"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328e0097e0e1d-MXP
expires: Fri, 04 Aug 2023 16:04:04 GMT

Redirect headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 872
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2FksaDCQ8EoJNDkJ%2BQx%2BjWYHJVjGyvGqxt4JgvP9XYfxZ9y1LxPrASlayHc5ujuP6nnbYOS2r3hjtoR3hLZx0k5wZ12lPr8eVLGZPTxrM%2FKbqIGftJdMoVvD3zpJ%2FDTAWn%2B%2BCiQl"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/logo_new.png
cache-control: max-age=31536000
cf-ray: 811328df592142e3-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 508ms
43ms Script
text/javascript 142.250.185.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f10.1e100.net

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 04:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3146
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Oct 2024 04:18:16 GMT

GET
H2

200

anti1.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti1.png
https://www.file-upload.org/mngez/images/anti1.png

19 KB
19 KB

54ms
54ms

Image
image/png

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 350
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=stIx2F6YIF3AtftvuC9TbzEwuT%2FzQYlFMux3mnYyjZ221WSskvYMvg77kuyISJ0zY5xCEAw%2BklpBG6ZmsEWup3F86Paespppc2T0RrbSg%2FtIR7%2BlYj2bldk3Ry379uZmrJQJxYpX"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328dfe9600e1d-MXP
expires: Thu, 12 Oct 2023 05:04:51 GMT

Redirect headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 872
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yZcmjUCU%2B9QGanLb4pjREfd9nvArbjR7aliYxhbt1dwC39rUAlev%2Fs5oS6rq53WZzGS%2Fls%2FepECd7WE02GrR2KXs21R7J4syBzwhjzSGbVJw36Eooz%2BOj1vYg1nuyJtfna1F6fc%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti1.png
cache-control: max-age=31536000
cf-ray: 811328df592242e3-EWR
alt-svc: h3=":443"; ma=86400

GET
H2

200

anti2.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti2.png
https://www.file-upload.org/mngez/images/anti2.png

641 B
975 B

49ms
49ms

Image
image/png

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5919195
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyahkRENUUkd0Mw1joxogZB7%2BhGLqrNCmg6QQ%2FiRJxgxqz2uGZsNWlzznzbZg675HFfuC%2FiWTMo5%2Fzn4nk57PoIc%2B1mS%2F8RPJwzSdLXrlL1IkElJVx8M7cHS04ydtjS6%2FANWUfK9"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328e009800e1d-MXP
expires: Fri, 04 Aug 2023 16:57:26 GMT

Redirect headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 872
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1pmkTryIrHuMD9jjaMwTHTBiI%2F3Vgmy5acl1POmTxd5eD%2FOFLygqVul7aGjGLtHz6%2BZb%2FGaY0CeDDwdGENWsG%2BljQCoA3FDQJVQm6rAgFb9nCme6VYbsbXOGUqQXYNYv94jmqYu"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti2.png
cache-control: max-age=31536000
cf-ray: 811328df592442e3-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 83ms
80ms Image
image/png 169.150.247.39
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: 169-150-247-39.bunnyinfra.net
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash: 0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 09/12/2023 22:47:45
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: e8f34d5f34b574e6191730dd75d79dce
accept-ranges: bytes
cdn-requestcountrycode: CH
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2

200

norton.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/norton.png
https://www.file-upload.org/assets/images/norton.png

5 KB
5 KB

50ms
49ms

Image
image/png

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/
Protocol: H2
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 350
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=beSft%2BK8CGh9MEPUkgPm3T0EfMABq1fgoSmyBRbLvbiZcEXuK1cOeVru2yKHz5Kkx86PDXLtF5Ht2wNwMIo%2FH%2BJoZ53b7vJmcwN%2Bvm3al%2B8FzDoCeoQ39ItshcD6lO%2Fgq7hIyO%2Fc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328e009820e1d-MXP
expires: Thu, 12 Oct 2023 05:04:51 GMT

Redirect headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 872
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q7T%2FdjmsEVn0Iyq90P4jUV7%2BspRrkIqdZ6Y%2FkJ0TiOcH1amW2uMnRnYNXxf3Qku4kYAztZn4RXCa34RzsqNGzeBJ%2FUy2%2FDv9%2F6XDy3LipUEBwF3Wa8lmZW414ujVhINOrwishsfK"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/norton.png
cache-control: max-age=31536000
cf-ray: 811328df592542e3-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 304 KB
87 KB 771ms
57ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=33891036c735835969806cd7e88ca730

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

2aea29278b1c9b81b9fcb1fa2ee3f799636114988921da559a5f06cb1d2c0e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 05:10:42 GMT
content-md5: dHRkZ95fdGRk+P35sWXYVg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88122
x-fb-debug: oE+jIyQj58jwNB95dUTmgdbJL5wlB7oJnBbeS1jRdvht4PUEXASnpg492ic34EMzJKOFqPOAVetGYTk6Hz/jPg==
x-fb-content-md5: 544859790f1a1ee4fe72b753518f4d87
cross-origin-opener-policy: same-origin-allow-popups
etag: "9e70dbadeb164de0dc35e56fc2112581"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Fri, 04 Oct 2024 01:10:48 GMT

GET
H2 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 59ms
59ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5919193
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2BGSDW5hE4qYRI%2FRWLjxWvqgIY87MryHk5cLkUxEE3rcrlaVMTad20rsCioYb7BP5pRKSbKPhAoAUlwwANRrQkMQxFi3B5c88GViLxqf1%2FArjJuWjaSZez2ji2B8ZW4qywwtqRWU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328df18e00e1d-MXP
expires: Fri, 04 Aug 2023 16:57:28 GMT

GET fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/ 380 KB
129 KB 827ms
103ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

743a258e9e16442b04027255b0214ed873724425db7eec597313cd5db9ae7525

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131760
x-xss-protection: 0
server: cafe
etag: 1523424873611595178
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:42 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/ Frame BDDF 10 KB
5 KB 438ms
38ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 51813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 14:47:09 GMT
etag: 2603938475786422795
expires: Wed, 18 Oct 2023 14:47:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
79 KB 53ms
53ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

ead1c99d032782ccc6233b71367df45ae4d73a200e930b22fe7eebb56dee7490

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81253
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 05 Oct 2023 05:10:42 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 436ms
31ms Script
text/javascript 216.239.32.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.32.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 05 Oct 2023 03:38:52 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5510
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 05 Oct 2023 05:38:52 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
253 B 548ms
67ms Ping
text/plain 216.239.32.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je3a20&_p=1300690434&cid=1841705873.1696482642&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1696482642&sct=1&seg=0&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:43 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 96 KB
96 KB 79ms
78ms Font
font/woff 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 566866
alt-svc: h3=":443"; ma=86400
content-length: 98024
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "17ee8-5fe4d56c8f479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DtwV1WSXy%2B7wf%2Bx37VpXheDNCVWcwUNWz%2FNlQMuLzpEJYulhWxd%2BFSitogVxITkh6aiwSGvPB7cKqLFMvoH6%2Fq%2BzTf9KqNBk19OU0PGXd2%2BkMHn%2BGfmMkpRAD5l5u1KHqTau%2BQH7"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328e5881f374c-MXP

GET
H2 200 poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/ 10 KB
10 KB 67ms
66ms Font
font/woff 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 566866
alt-svc: h3=":443"; ma=86400
content-length: 10400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28a0-5fe4d56c936e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I7q4JNZ8WfS45UNPV3QHeiHX%2Fae3azBMUmSr%2FH3skWSwhGkfXHAZ2UCKsnJhVSXLEC1LVclm2%2FkzaNMuN8n9mvg0tX7WNGEGn3UnxJTXMrIu5eHO421M1CU8Nfg4c2abwG6CD1d4"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328e58820374c-MXP

GET
H2 200 poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 50ms
49ms Font
font/woff 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 566866
alt-svc: h3=":443"; ma=86400
content-length: 10420
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28b4-5fe4d56c94299"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FyWozEYFTiLFN9hvYAwnMaKYbqRFC1Tgy9Qbg48Cjxm7G%2F2n0OqNQQWkK0aoSuyxrZiT0KbhFlinPdDycXVk%2BpcpP69G9DruzlzQ9lMmpyhAb01jtuo81o%2Bo5lWpT10aKar3tMM%2F"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 811328e58821374c-MXP

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 385 B
603 B 590ms
85ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.babup.com&callback=_gfp_s_&client=ca-pub-9176521898341909

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

819e9d9b71490ef7ae4284a0615ee183d12763e45c4e0d0a760a7d50c47b44de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 252
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B70A 319 KB
71 KB 855ms
854ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1696475442&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641841&bpp=6&bdt=619&idt=953&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4223582011529&frm=20&pv=2&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=999

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

25891fc12e937a75d5bf71fe6a8c172e2f602e9efe98eb892e85a0ea73d180fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 72508
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:43 GMT
expires: Thu, 05 Oct 2023 05:10:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1A87 115 KB
40 KB 690ms
689ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

6694de3e998537193b58da2fd3b46b6cd844df429ed93ea7c97b04a0477b20de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40684
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:43 GMT
expires: Thu, 05 Oct 2023 05:10:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1B0D 115 KB
40 KB 533ms
532ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

47cefbe21632b3e75219d2953e5f2a024c510b674b408e45fe495767cff00852

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40551
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:43 GMT
expires: Thu, 05 Oct 2023 05:10:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6A31 146 KB
45 KB 353ms
352ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642281&bpp=1&bdt=1060&idt=614&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=tkUw9xstfq&p=https%3A//www.babup.com&dtd=619

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

2a0d6f9ee52f1e421bfe2e0388dd3f2b26f7c647ccdeb39f841a8ebc57cef65b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 45674
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:43 GMT
expires: Thu, 05 Oct 2023 05:10:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
205 B 78ms
77ms XHR
text/plain 216.239.32.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1300690434&t=pageview&_s=1&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=70809473&gjid=518236927&cid=1841705873.1696482642&tid=UA-119779859-1&_gid=1710443287.1696482643&_r=1&gtm=457e3a20&jsscut=1&z=1688146904

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.32.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 6A31 14 KB
2 KB 487ms
55ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642281&bpp=1&bdt=1060&idt=614&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&fsb=1&xpc=tkUw9xstfq&p=https%3A//www.babup.com&dtd=619

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 04:24:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 05:10:43 GMT

GET
H2 200 nessie_icon_tiamat_f_white.png
tpc.googlesyndication.com/pagead/images/ Frame 6A31 239 B
369 B 485ms
76ms Image
image/png 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/nessie_icon_tiamat_f_white.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

1c3177b2bb09130b3eb00f3ec5cbc0a43c8c2dd90bfccb329359601cab1697b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 21:36:54 GMT
x-content-type-options: nosniff
server: cafe
age: 27229
etag: 8625321034218172526
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 239
x-xss-protection: 0
expires: Thu, 05 Oct 2023 21:36:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 6A31 2 KB
926 B 460ms
82ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 6A31 23 KB
9 KB 457ms
83ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 6A31 3 KB
1 KB 447ms
75ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 6A31 20 KB
9 KB 420ms
50ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6A31 187 KB
59 KB 505ms
100ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:43 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 6A31 36 KB
15 KB 448ms
52ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 20:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203515
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 21:33:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 31 Dec 2023 20:38:48 GMT

GET
H2 200 data=pBOmNb5mxrluQ6Hukd31keThHYCTtsT5PPsgMgKiKhk0AFqj1qs7diVWTNNcL-JTMZdQkE0nmvg9n9381onqbcDw7FTZyltR8Q1c7g3OL2hMlV8Z13KYnoKLRw
mts0.google.com/vt/ Frame 6A31 49 KB
49 KB 629ms
182ms Image
image/png 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mts0.google.com/vt/data=pBOmNb5mxrluQ6Hukd31keThHYCTtsT5PPsgMgKiKhk0AFqj1qs7diVWTNNcL-JTMZdQkE0nmvg9n9381onqbcDw7FTZyltR8Q1c7g3OL2hMlV8Z13KYnoKLRw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

a4037b2591046e33a3268b09a6fc1e620634b9beb92c59c1faf58379c96ce5a0

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'; base-uri 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
content-security-policy: script-src 'none'; object-src 'none'; base-uri 'none'
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50234
x-xss-protection: 0
x-server-version-bin: CggIBBCP+POoBg==
server: scaffolding on HTTPServer2
etag: 0baf500608ea1c9fd
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Thu, 05 Oct 2023 06:10:43 GMT

GET
DATA 200
OK truncated
/ Frame 6A31 244 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 6A31 333 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 css
fonts.googleapis.com/ Frame 1B0D 4 KB
728 B 334ms
65ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 04:14:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 05:10:43 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1B0D 2 KB
945 B 290ms
71ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 1B0D 23 KB
9 KB 286ms
70ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1B0D 3 KB
1 KB 288ms
72ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1B0D 20 KB
8 KB 266ms
51ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1B0D 187 KB
59 KB 324ms
69ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:43 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 1B0D 36 KB
15 KB 305ms
59ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 20:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203515
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 21:33:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 31 Dec 2023 20:38:48 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/7100678694543653687/ Frame 1B0D 26 KB
27 KB 286ms
77ms Image
image/jpeg 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7100678694543653687/14763004658117789537?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

c9a0e13fa76f7929fcc709a1db13bcb7fb8c335dc169f82fbe5cfee360c5e950

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 08:18:22 GMT
x-content-type-options: nosniff
age: 75141
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26991
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 09:07:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 03 Oct 2024 08:18:22 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/13077691967104856870/ Frame 1B0D 994 B
1 KB 302ms
94ms Image
image/png 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13077691967104856870/14763004658117789537?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

7e2b27956da0220e3a28b7af3c42424021b1ca33ddc1859cfaff3b24b9c1c444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 994
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 16:24:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 04 Oct 2024 05:10:43 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 1A87 4 KB
744 B 214ms
63ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

c4ec171d8f202fb90c55007f2dc8ab43a7d089d5e7b717eb03b41fdb3907b261

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 03:36:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 05:10:43 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 1A87 23 KB
9 KB 213ms
73ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1A87 3 KB
1 KB 59ms
58ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 1A87 20 KB
8 KB 198ms
58ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55652
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1A87 187 KB
59 KB 286ms
104ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:43 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 1A87 36 KB
15 KB 68ms
68ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 20:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203516
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 21:33:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 31 Dec 2023 20:38:48 GMT

GET
H2 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/ 154 KB
53 KB 106ms
106ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

2ff233d3b584bd23a2bbec47ef19ec479edd16ae282eb40605c5ee6b4216eaef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53736
x-xss-protection: 0
server: cafe
etag: 17193726300016075328
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:43 GMT

GET
H2 200 ca-pub-9176521898341909 Show response
fundingchoicesmessages.google.com/i/ 157 KB
52 KB 515ms
69ms Script
application/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-9176521898341909?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

62babc3c2298079f95ecba1fe1a3b9e1d2df13809f3d9a3b11bd3fb6e5b78d8c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-IGOOijYAGVlsj4J9V-oA1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-IGOOijYAGVlsj4J9V-oA1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/7100678694543653687/ Frame 1A87 26 KB
26 KB 65ms
63ms Image
image/jpeg 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7100678694543653687/14763004658117789537?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

c9a0e13fa76f7929fcc709a1db13bcb7fb8c335dc169f82fbe5cfee360c5e950

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 08:18:22 GMT
x-content-type-options: nosniff
age: 75142
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26991
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 09:07:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 03 Oct 2024 08:18:22 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/13077691967104856870/ Frame 1A87 994 B
1 KB 91ms
90ms Image
image/png 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13077691967104856870/14763004658117789537?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

7e2b27956da0220e3a28b7af3c42424021b1ca33ddc1859cfaff3b24b9c1c444

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:43 GMT
x-content-type-options: nosniff
age: 1
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 994
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 16:24:14 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 04 Oct 2024 05:10:43 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1A87 16 KB
16 KB 450ms
55ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 02:35:09 GMT
x-content-type-options: nosniff
age: 441335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Sep 2024 02:35:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1A87 15 KB
15 KB 439ms
45ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 522232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 04:06:52 GMT

GET
DATA 200
OK truncated
/ Frame 1B0D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fac3aa7f69f967e2b62a7cd19301c9e9d7198140750c4a7ff83ed083a9223693

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6A31 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 642077d9b5063d6f77d777b85c6ed19bbe884b1ce5122bbc6ef6f9cda8aa07af

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 6A31
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CT8R6UkUeZff5OtC378EPvcyb8A_3r86kc--F6575EYiU-IezAhABIIK6uHxg9b3BgbAEoAGjkNuoAcgBCakCFTFRdjxXsj6oAwHIA8sEqgTHAU_QCXI38ttkdTn3Ppywhci_oA2mjE5tATR...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdc5d3ed2b1aefba70000000000000000%22,%222%22:%220xd858560de16d309a0000000000000000%22,%223%22:%220xc6e8cb...

0
0

200ms
78ms

Fetch
text/css

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdc5d3ed2b1aefba70000000000000000%22,%222%22:%220xd858560de16d309a0000000000000000%22,%223%22:%220xc6e8cb9f304467690000000000000000%22,%224%22:%220x90a45e0c79cacd2f0000000000000000%22,%225%22:%220x14886477858f27a60000000000000000%22},%22debug_key%22:%2216083177178416915308%22,%22debug_reporting%22:true,%22destination%22:%22https://decathlon.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22353814563%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210355299998374590593%22}&andc=true

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xdc5d3ed2b1aefba70000000000000000","2":"0xd858560de16d309a0000000000000000","3":"0xc6e8cb9f304467690000000000000000","4":"0x90a45e0c79cacd2f0000000000000000","5":"0x14886477858f27a60000000000000000"},"debug_key":"16083177178416915308","debug_reporting":true,"destination":"https://decathlon.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["353814563"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"10355299998374590593"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 05:10:44 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xdc5d3ed2b1aefba70000000000000000","2":"0xd858560de16d309a0000000000000000","3":"0xc6e8cb9f304467690000000000000000","4":"0x90a45e0c79cacd2f0000000000000000","5":"0x14886477858f27a60000000000000000"},"debug_key":"16083177178416915308","debug_reporting":true,"destination":"https://decathlon.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["353814563"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"10355299998374590593"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1A87 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f9ec28defadaff36ae53d25506a6c0e0120ae187b0e69dddc884e56f76fc397

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 6A31 33 KB
33 KB 376ms
62ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 05:04:01 GMT
x-content-type-options: nosniff
age: 432403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Sep 2024 05:04:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1B0D 16 KB
16 KB 321ms
60ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 02:35:09 GMT
x-content-type-options: nosniff
age: 441335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Sep 2024 02:35:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1B0D 15 KB
16 KB 301ms
41ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 522232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Sep 2024 04:06:52 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 210ms
91ms Preflight
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 05:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6A44 436 B
278 B 284ms
283ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1696475444&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482644102&bpp=1&bdt=2881&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1cf1bb5c0cc8488e%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbZ9YdfSvrUK-QGNPYTDKprk1N0PA&gpic=UID%3D00000c8e20a4f5cc%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbdYgCTauQM4RYNqcSUxY7LeBpUwg&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280&nras=2&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&psts=AOrYGsmLvOF7owMrvd_8adUPHCdymUnY97DHLQiWVI5se4TC_li78wCr9Q0iIuS4fz0enV4FRIaQew82Q0WmUNG5jwY801yV%2CAOrYGsnhFhDuDHXg9Sg5CZBUmDevlu_FOLd8v5YlNni82ABw1Evlxt-wXYs-hXlHl6OYP0LnVvPzQOTb8HU0UqhGmT-okQ%2CAOrYGsnOaPbmoit8DIfyuoQjf-QIadFe5Saq_RC-sIZ-YUPfvk1IOFPfnoDMj8P4FDWoBZazCJouBTxAXFuffHUZ7SAGLly5&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=Bk6bl8ZRxj&p=https%3A//www.babup.com&dtd=224

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

979fd433bf2247772fddeddd75d505fcdf94ae1460a52e10af1fa679c2e59038

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 211
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:44 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B89D 436 B
280 B 353ms
352ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1696475444&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482644102&bpp=1&bdt=2881&idt=-M&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1cf1bb5c0cc8488e%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbZ9YdfSvrUK-QGNPYTDKprk1N0PA&gpic=UID%3D00000c8e20a4f5cc%3AT%3D1696482642%3ART%3D1696482642%3AS%3DALNI_MbdYgCTauQM4RYNqcSUxY7LeBpUwg&prev_fmts=0x0%2C1110x280%2C1110x280%2C1110x280%2C1110x90&nras=3&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&psts=AOrYGsmLvOF7owMrvd_8adUPHCdymUnY97DHLQiWVI5se4TC_li78wCr9Q0iIuS4fz0enV4FRIaQew82Q0WmUNG5jwY801yV%2CAOrYGsnhFhDuDHXg9Sg5CZBUmDevlu_FOLd8v5YlNni82ABw1Evlxt-wXYs-hXlHl6OYP0LnVvPzQOTb8HU0UqhGmT-okQ%2CAOrYGsnOaPbmoit8DIfyuoQjf-QIadFe5Saq_RC-sIZ-YUPfvk1IOFPfnoDMj8P4FDWoBZazCJouBTxAXFuffHUZ7SAGLly5&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=RowHjILB7r&p=https%3A//www.babup.com&dtd=228

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

81c0886c09bbedbd2f21d8be43cb4d5e29321999331265416d2c75eab6ee67ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:44 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame 4010 10 KB
4 KB 41ms
40ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 39825
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 18:06:59 GMT
etag: 2603938475786422795
expires: Wed, 18 Oct 2023 18:06:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame 09B2 10 KB
4 KB 41ms
41ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 39825
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 18:06:59 GMT
etag: 2603938475786422795
expires: Wed, 18 Oct 2023 18:06:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame 8367 10 KB
4 KB 49ms
49ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 39825
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 18:06:59 GMT
etag: 2603938475786422795
expires: Wed, 18 Oct 2023 18:06:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/ Frame 7C0E 10 KB
4 KB 58ms
57ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 39825
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 18:06:59 GMT
etag: 2603938475786422795
expires: Wed, 18 Oct 2023 18:06:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxXfbpnVv7K6c6Y0VVH1yY2rvtmOeGA1AXMC_So5ZPLKVtYOHCQrLxJ97MLdYQD5IwwfM6y1mrSCVVg4kvgktjLVQRIY-qTM8Yx5d3xVXtxR-lfZ0bCcKNipWE_FJ6g75yci0OR3wQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 80ms
80ms Script
application/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXfbpnVv7K6c6Y0VVH1yY2rvtmOeGA1AXMC_So5ZPLKVtYOHCQrLxJ97MLdYQD5IwwfM6y1mrSCVVg4kvgktjLVQRIY-qTM8Yx5d3xVXtxR-lfZ0bCcKNipWE_FJ6g75yci0OR3wQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk2NDgyNjQ0LDM5MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsInRxeEtFQ1NGcUlZIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.tqxKECSFqIY.es5.O/am=ggE/d=1/rs=AJlcJMw8BrP1Vt9flcU9C7oCIvpqBOurOg/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

c0385475c30c52d0c5f36cfcab2110f9a0d0799dc1550b846af954bae77c36b7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bQQVmLsKNn9YX-dQ6C5uPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-security-policy: script-src 'report-sample' 'nonce-bQQVmLsKNn9YX-dQ6C5uPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 4010 4 KB
767 B 49ms
48ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 03:57:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4010 205 B
519 B 47ms
45ms Image
image/png 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 18:51:21 GMT
x-content-type-options: nosniff
age: 37163
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 03 Oct 2024 18:51:21 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4010 604 B
697 B 47ms
45ms Image
image/png 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 09:34:53 GMT
x-content-type-options: nosniff
age: 416151
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 29 Sep 2024 09:34:53 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 4010 15 KB
7 KB 48ms
46ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

729bb9007929a8af5c6f300c99e7c5899043ed1734d39fd6f4e0361b94d1adbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:00:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6551
x-xss-protection: 0
server: cafe
etag: 6101707970674548951
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 14:00:10 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 4010 20 KB
8 KB 49ms
48ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

7f8d937ac3c24cd9099dccaeb3e160dba15d6396b7f8ada3ca95f9ef24633aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:00:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8566
x-xss-protection: 0
server: cafe
etag: 11420928434021954480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 14:00:10 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 1A87
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cck8kUkUeZa-4N7Sy78EP2rCQqAPymdKpYOu0z4XkDL3v2r_NARABIIK6uHxg9b3BgbAEoAH3ncOSAsgBCakCE9TeMTugsT6oAwHIA8sEqgTAAU_QY9_Uhl8SoW7M0JXPqrgIXG5Rwib6lGv...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x10ae8d57c83817040000000000000000%22,%222%22:%220xb8494541dcb0f1800000000000000000%22,%223%22:%220xe4ddcb...

0
0

108ms
72ms

Fetch
text/css

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x10ae8d57c83817040000000000000000%22,%222%22:%220xb8494541dcb0f1800000000000000000%22,%223%22:%220xe4ddcbd5755ec2360000000000000000%22,%224%22:%220xc723957da7f298b10000000000000000%22,%225%22:%220xfd057a3ac4395e8c0000000000000000%22},%22debug_key%22:%22574464889013032341%22,%22debug_reporting%22:true,%22destination%22:%22https://tiroled.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22575721207%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224478874489207784321%22}&andc=true

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x10ae8d57c83817040000000000000000","2":"0xb8494541dcb0f1800000000000000000","3":"0xe4ddcbd5755ec2360000000000000000","4":"0xc723957da7f298b10000000000000000","5":"0xfd057a3ac4395e8c0000000000000000"},"debug_key":"574464889013032341","debug_reporting":true,"destination":"https://tiroled.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["575721207"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"4478874489207784321"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 05:10:44 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x10ae8d57c83817040000000000000000","2":"0xb8494541dcb0f1800000000000000000","3":"0xe4ddcbd5755ec2360000000000000000","4":"0xc723957da7f298b10000000000000000","5":"0xfd057a3ac4395e8c0000000000000000"},"debug_key":"574464889013032341","debug_reporting":true,"destination":"https://tiroled.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["575721207"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"4478874489207784321"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 1B0D
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CjWuQUkUeZYaBOr2a78EPk9GE0AfymdKpYOu0z4XkDL3v2r_NARABIIK6uHxg9b3BgbAEoAH3ncOSAsgBCakCE9TeMTugsT6oAwHIA8sEqgTAAU_QrXzChMDb42k8dGe-SFs1WqUkTFXlXKb...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x10ae8d57c83817040000000000000000%22,%222%22:%220xb8494541dcb0f1800000000000000000%22,%223%22:%220xe4ddcb...

0
0

80ms
71ms

Fetch
text/css

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x10ae8d57c83817040000000000000000%22,%222%22:%220xb8494541dcb0f1800000000000000000%22,%223%22:%220xe4ddcbd5755ec2360000000000000000%22,%224%22:%220xc723957da7f298b10000000000000000%22,%225%22:%220xfd057a3ac4395e8c0000000000000000%22},%22debug_key%22:%2213182733908138397046%22,%22debug_reporting%22:true,%22destination%22:%22https://tiroled.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22575721207%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229255316078686163825%22}&andc=true

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x10ae8d57c83817040000000000000000","2":"0xb8494541dcb0f1800000000000000000","3":"0xe4ddcbd5755ec2360000000000000000","4":"0xc723957da7f298b10000000000000000","5":"0xfd057a3ac4395e8c0000000000000000"},"debug_key":"13182733908138397046","debug_reporting":true,"destination":"https://tiroled.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["575721207"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"9255316078686163825"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 05 Oct 2023 05:10:44 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x10ae8d57c83817040000000000000000","2":"0xb8494541dcb0f1800000000000000000","3":"0xe4ddcbd5755ec2360000000000000000","4":"0xc723957da7f298b10000000000000000","5":"0xfd057a3ac4395e8c0000000000000000"},"debug_key":"13182733908138397046","debug_reporting":true,"destination":"https://tiroled.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["575721207"],"4":["10-05"],"6":["true"]},"priority":"500","source_event_id":"9255316078686163825"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 34B7 478 B
242 B 58ms
54ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXBZUcqP40Vd1fmkpfZpZSPl3F5jJ4xee5EsC4qHvl5yfo1t60MVYrvuUPmFyA6VHHkw6zXhEBL_5TPZhTwtmflTGKjNQ

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9AC9 89 KB
31 KB 124ms
121ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 9AC9 27 KB
10 KB 320ms
194ms Script
text/javascript 143.204.215.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&cid=&c=1696482642889529&js=pmw0&w=160&h=600&admarker=dynamic

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-67.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

8f559b0eed7c1a9599a188d6b31a3d0cbd07031d6c638c92eae53a13c753cddb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA53-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: 0oOiSkRThCEbX8crcTu2IUMVeFaZZve2JKrdGm_VejDkJUiIlN1Vnw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dbm
beacon.sojern.com/imp/ Frame 9AC9 42 B
220 B 171ms
50ms Image
image/gif 107.178.244.119
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.sojern.com/imp/dbm?auc=ABAjH0j0u-zV0u8oSQHgN-F11OzI&li=19644350364&cr=512861025&io=1010642908&seg=&src=https://www.babup.com/&ord=1696482642889529
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Thu, 05 Oct 2023 05:10:44 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

GET
H2

200

B29164104.374615553;dc_pre=COacnKuS3oEDFdSQ_QcdqFECBg;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696482642889529;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd... Show response
ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/ Frame 9AC9
Redirect Chain

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696482642889529;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;...
https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=COacnKuS3oEDFdSQ_QcdqFECBg;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696482642889529;dc_lat=;dc_rdid=;...

16 KB
12 KB

83ms
75ms

Script
text/javascript

172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=COacnKuS3oEDFdSQ_QcdqFECBg;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696482642889529;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

af6d8ad5bd78c2c7f2b996871e3dc1a58e4cb9390ef99884fe4244848ac79096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12218
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimpj/N505402.2077704SORJEN/B29164104.374615553;dc_pre=COacnKuS3oEDFdSQ_QcdqFECBg;dc_trk_aid=565214980;dc_trk_cid=184476877;ord=1696482642889529;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 9AC9 3 KB
1 KB 55ms
53ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 9AC9 20 KB
8 KB 42ms
40ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9AC9 187 KB
59 KB 56ms
54ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9AC9 42 B
110 B 94ms
93ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CVhseaVGbkOS0_JmzsP4rkjwOkXMGcKkBhe7u2w5cCwa18r4Sx8hQ4fub7FazRf2VEfGBrdJ__g94VND_SUGww81xLxCqzczhrowbA6kbrHRgjpAc

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9AC9 0
121 B 94ms
92ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11602339623542004415&x=1&ct=119

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BE25 611 B
310 B 52ms
50ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-9uFvQEwAQ&v=APEucNVAVZZ7etIwaVJdyN8YVlgnupKT7HMeyynMV6rvLkXpkgKaWGrkjsL6UbVFvrA6eo9W_eE_h6pNGtqXSFNElntVge5D4g

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 243
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7CD4 89 KB
31 KB 183ms
180ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 7CD4 2 KB
1 KB 493ms
53ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=4890742&sid=18330&dvregion=0&unit=160x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0gYrMu72EZvedGKrggi-_zQ&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396455419&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&turl=https://www.babup.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 5aceb9edcea34bb69cbce4ff713f96f5d62f70bbd4bf5ef766bf058bed0fa21c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2023 09:51:44 GMT
Server: UploadServer
ETag: "56f95dec40f6402642b5537aa29ad91c"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 932
Expires: Fri, 06 Oct 2023 05:10:45 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 7CD4 9 KB
4 KB 497ms
56ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0gYrMu72EZvedGKrggi-_zQ&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396455419&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&turl=https://www.babup.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: e63dc2a73afcfc9b99fef901404e796cb623aa18d689c0629fdc966f3f029962

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Oct 2023 09:48:58 GMT
Server: UploadServer
ETag: "d981e68111c0f57114bbc3dfde63fb7a"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3636
Expires: Thu, 05 Oct 2023 05:25:45 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 7CD4 3 KB
1 KB 40ms
38ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 7CD4 20 KB
8 KB 39ms
37ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7CD4 187 KB
59 KB 54ms
52ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CD4 42 B
107 B 94ms
93ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DInu7wSHgAA37KmkMOD3fU7QsvUOms1OBAiKP9txgG_u0dO3OaM9NhOaI8pMURdAtwRPZlCo_jGgOf5jM1T7daBnrYLJkkNvTQ2v1uwvRhlVyeQN8

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CD4 0
56 B 93ms
92ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7573929915651488480&x=1&ct=77

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EB0C 441 B
244 B 80ms
72ms Document
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY_OOEvQEwAQ&v=APEucNWsEidHr9o4JmzZtn_6b6atIODuhBlZmU9GCmigGoHLLcyiweHP_lGYztgr0nEPBN4YsOTk6FtUQ4X1fTP5s6H6WkphCA

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A046 89 KB
31 KB 147ms
139ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame A046 2 KB
1 KB 477ms
72ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=4890745&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0jUTbiNFjtBQbHyS7_Vyfw5&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396440060&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&turl=https://www.babup.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 5aceb9edcea34bb69cbce4ff713f96f5d62f70bbd4bf5ef766bf058bed0fa21c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2023 09:51:44 GMT
Server: UploadServer
ETag: "56f95dec40f6402642b5537aa29ad91c"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 932
Expires: Fri, 06 Oct 2023 05:10:45 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame A046 9 KB
4 KB 472ms
51ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0jUTbiNFjtBQbHyS7_Vyfw5&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396440060&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&turl=https://www.babup.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: e63dc2a73afcfc9b99fef901404e796cb623aa18d689c0629fdc966f3f029962

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Oct 2023 09:48:58 GMT
Server: UploadServer
ETag: "d981e68111c0f57114bbc3dfde63fb7a"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3636
Expires: Thu, 05 Oct 2023 05:25:45 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame A046 3 KB
1 KB 58ms
50ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame A046 20 KB
8 KB 43ms
35ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A046 187 KB
59 KB 59ms
52ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A046 42 B
107 B 106ms
99ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A98Iv8MDTMTAAa7q85nswhtKp0t12PO0rdjYNtxppTgYVxKwTQr08SnD15JsIPAaMZSgmlKCqM5-WAaucvRPukK_2nTQtVGmsktxC3LI39F0ywgPo

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A046 0
56 B 106ms
100ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3767901123274362099&x=1&ct=77

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame 536A 37 KB
15 KB 74ms
68ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482641847&bpp=2&bdt=626&idt=1004&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=202&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=FnptAtvfU0&p=https%3A//www.babup.com&dtd=1011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175777
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame 3364 37 KB
14 KB 75ms
70ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=3654258318&adf=2180648201&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1696475442&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696482642274&bpp=4&bdt=1053&idt=594&shv=r20231003&mjsv=m202309291101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4223582011529&frm=20&pv=1&ga_vid=1841705873.1696482642&ga_sid=1696482643&ga_hid=1300690434&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078597%2C31078301&oid=2&pvsid=3587502899473620&tmod=435120544&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=ChuyVR76IR&p=https%3A//www.babup.com&dtd=608

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175777
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame F066 37 KB
14 KB 74ms
71ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175777
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 34B7 170 B
409 B 205ms
64ms Image
image/png 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXBZUcqP40Vd1fmkpfZpZSPl3F5jJ4xee5EsC4qHvl5yfo1t60MVYrvuUPmFyA6VHHkw6zXhEBL_5TPZhTwtmflTGKjNQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 34B7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1

43 B
567 B

96ms
95ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXBZUcqP40Vd1fmkpfZpZSPl3F5jJ4xee5EsC4qHvl5yfo1t60MVYrvuUPmFyA6VHHkw6zXhEBL_5TPZhTwtmflTGKjNQ
Protocol: H2
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=udjFPwib8HFg%2FQtO7Cu0qU5tGz0fxZ%2Bay3QecvlBaxaBRt0%2BPvQipuOU3qWPgvI%2BuGL5pA1Bw5jDoMXnO%2BGOtJC9zyJWdOV23E%2BhlnkmGLNWVk8Y%2B6IGzyS7amTQUMxcrsZ%2FzyNVpiPAKg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811328f37c1d01e7-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 34B7
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZR5FVFgzrViBJLiJpBVnMQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1

43 B
768 B

88ms
87ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJq9JBC6tiYY4cbG9AEwAQ&v=APEucNXBZUcqP40Vd1fmkpfZpZSPl3F5jJ4xee5EsC4qHvl5yfo1t60MVYrvuUPmFyA6VHHkw6zXhEBL_5TPZhTwtmflTGKjNQ
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A7QMDkD7Dua8hxI4xA8V1GBR0u4dQE0w1Hv6ziTpnvBFLSkIThDQcfDYHVPP8%2Fxo8PajMSQ2%2BeznspYkki3VWZPuExyZWymKynVIZeQdef9h67w1OuHdYrDBy0MqfyCCtshBNJ7iz81Ruw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811328f4ed050215-ZRH
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO99Nh7eWDCR0z7idN4v75Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 91ms
81ms Preflight
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 05:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 90ms
82ms Preflight
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x10ae8d57c83817040000000000000000%22,%222%22:%220xb8494541dcb0f1800000000000000000%22,%223%22:%220xe4ddcbd5755ec2360000000000000000%22,%224%22:%220xc723957da7f298b10000000000000000%22,%225%22:%220xfd057a3ac4395e8c0000000000000000%22},%22debug_key%22:%2213182733908138397046%22,%22debug_reporting%22:true,%22destination%22:%22https://tiroled.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22575721207%22],%224%22:[%2210-05%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229255316078686163825%22}&andc=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Oct 2023 05:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxXG59uP_dZqLZ0GYHxTKOVvaY6qkoWho6bqEKNNMxmHh7d5Ber8tkL-ipYUYiDRvc9QMNXyaiUPelLNFoKdtm3CYZQhmS1z8Tga3wohFCcE87_Tr2IwPCSxrMz_bxBFpjQFNRgNug== Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 111ms
111ms Script
application/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXG59uP_dZqLZ0GYHxTKOVvaY6qkoWho6bqEKNNMxmHh7d5Ber8tkL-ipYUYiDRvc9QMNXyaiUPelLNFoKdtm3CYZQhmS1z8Tga3wohFCcE87_Tr2IwPCSxrMz_bxBFpjQFNRgNug==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk2NDgyNjQ0LDYyOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmJhYnVwLmNvbS8iLG51bGwsW1s4LCJ0cXhLRUNTRnFJWSJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

9038a29399df3206a023bf3cc53dc08923f3ebf4d3c27e1a1cea0fb8b813eb05

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-l_k5rckIP8IM6KL7LzZ2ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-l_k5rckIP8IM6KL7LzZ2ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 9485 2 KB
926 B 47ms
45ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 9485 23 KB
9 KB 47ms
46ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 9485 3 KB
1 KB 69ms
68ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/ Frame 9485 20 KB
8 KB 45ms
44ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:43:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55653
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:43:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9485 187 KB
59 KB 71ms
70ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 9485 36 KB
15 KB 44ms
43ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 20:38:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203516
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Thu, 28 Sep 2023 21:33:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 31 Dec 2023 20:38:48 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame BE25
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELFi9YrnDc5ZEsgD4EuaTKg&google_cver=1

43 B
839 B

58ms
54ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELFi9YrnDc5ZEsgD4EuaTKg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-9uFvQEwAQ&v=APEucNVAVZZ7etIwaVJdyN8YVlgnupKT7HMeyynMV6rvLkXpkgKaWGrkjsL6UbVFvrA6eo9W_eE_h6pNGtqXSFNElntVge5D4g

Protocol

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
an-x-request-uuid: 6a256878-88f7-485d-a106-b7846a70dc50
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 188.60.5.212; 188.60.5.212; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELFi9YrnDc5ZEsgD4EuaTKg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BE25
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcwODI4NTYyODMzNjQzMTcwOA%3D%3D

170 B
232 B

76ms
76ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcwODI4NTYyODMzNjQzMTcwOA%3D%3D

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
an-x-request-uuid: 591be467-9d2a-48af-a1bf-4fa179f4a362
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzcwODI4NTYyODMzNjQzMTcwOA%3D%3D
x-proxy-origin: 188.60.5.212; 188.60.5.212; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame BE25
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELOnYiaqYy2MvNs6UfEBSJI&google_cver=1

43 B
171 B

73ms
72ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELOnYiaqYy2MvNs6UfEBSJI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY-9uFvQEwAQ&v=APEucNVAVZZ7etIwaVJdyN8YVlgnupKT7HMeyynMV6rvLkXpkgKaWGrkjsL6UbVFvrA6eo9W_eE_h6pNGtqXSFNElntVge5D4g
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELOnYiaqYy2MvNs6UfEBSJI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BE25
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGQ5NGJkNjktODY3Yy0yNWI1LWZkNDktMmM2ZmQ3NzM3Mzgz

170 B
232 B

72ms
70ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGQ5NGJkNjktODY3Yy0yNWI1LWZkNDktMmM2ZmQ3NzM3Mzgz

Requested by

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 05 Oct 2023 05:10:45 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGQ5NGJkNjktODY3Yy0yNWI1LWZkNDktMmM2ZmQ3NzM3Mzgz
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

um
sync.teads.tv/ Frame EB0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESENn58ZVMh8VDV0Pkbe-t2n8&google_cver=1

23 B
163 B

139ms
138ms

Image
image/gif

104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESENn58ZVMh8VDV0Pkbe-t2n8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY_OOEvQEwAQ&v=APEucNWsEidHr9o4JmzZtn_6b6atIODuhBlZmU9GCmigGoHLLcyiweHP_lGYztgr0nEPBN4YsOTk6FtUQ4X1fTP5s6H6WkphCA
Protocol: H2
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Thu, 05 Oct 2023 05:10:45 GMT
pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESENn58ZVMh8VDV0Pkbe-t2n8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EB0C
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MmMwYjA3NGQtMTBlYi00NjFiLTgzNzgtMmIyNzdiMjE0OGVj

170 B
232 B

56ms
55ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MmMwYjA3NGQtMTBlYi00NjFiLTgzNzgtMmIyNzdiMjE0OGVj

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY_OOEvQEwAQ&v=APEucNWsEidHr9o4JmzZtn_6b6atIODuhBlZmU9GCmigGoHLLcyiweHP_lGYztgr0nEPBN4YsOTk6FtUQ4X1fTP5s6H6WkphCA

Protocol

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
server: akka-http/10.2.10
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MmMwYjA3NGQtMTBlYi00NjFiLTgzNzgtMmIyNzdiMjE0OGVj
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Thu, 05 Oct 2023 05:10:44 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame EB0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEIKvimsmBUoTITq8Ndu68NQ&google_cver=1

43 B
175 B

744ms
124ms

Image
image/gif

52.22.91.189
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEIKvimsmBUoTITq8Ndu68NQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY_OOEvQEwAQ&v=APEucNWsEidHr9o4JmzZtn_6b6atIODuhBlZmU9GCmigGoHLLcyiweHP_lGYztgr0nEPBN4YsOTk6FtUQ4X1fTP5s6H6WkphCA
Protocol: H2
Server: 52.22.91.189 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-91-189.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Thu, 05 Oct 2023 05:10:45 GMT
server: nginx
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://partners.tremorhub.com/sync?UIGL=CAESEIKvimsmBUoTITq8Ndu68NQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9AC9 0
47 B 97ms
93ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2351733508595&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9AC9 0
56 B 92ms
91ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2351733508595&version=m202309260101&ct=119&x=1&cor=11602339623542004000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9AC9 90 KB
37 KB 81ms
80ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJAFYF73UXR7DIpq-uiQelrTzrU0GUFrEq_A0lUoUAA6QW-GGnPd8dOEt33yxrNp-xy7AKjFmId4FVEcMd_7AE-361pBTmY8AWCwL7YorjMYjGHLxxk0YZclLeU_fQTbLWgyC2tScMIE2Gr2VNRgK4gzMnNhFUjHzlVsxMF-2B4AudbnM&cry=1&dbm_d=AKAmf-CACvf5BgoC4KMNDG35j4EJaYh8pxTK3FefWGlQ0KGqxBJE4_K0H_8T9fSvaQ5uvgMJw0MWV2pNI-bsLiuAWzz5vpLlKzN-T-3CweoSlypedCtg2HONYbx8duw6DkOt2UOs3bsSSIahRGJqvLWZMOtAk6Rp6gvQV3GFzegkK7CV7Tiup6do_0qoIWvNOiKcQ5g0BVx_-ficlbDBI1QpiqVvVgyXnw2Zm4W4QvlW26HitiqivTO2Ycz7574AKRHTK814dV9Nv0zTv8V8_d1s8X4uLHukKYFto_uErXdfvXLvElJZyttgR1CCqv2LUCnwRrPDYUpNuGaAMde5kH81D78kuC_DnEGfngWSb9vCJqpXqpAkkhZHu7C8OnRIzdAZDhfPxLzFZkrmESGmJTCh9hYqq1rSBG3J3zigROHRNt_lFOYnp23ppfW8Bs0aP8Vefdx7x-OWOsu-yNhW2Ar9aMyKAQLVEQitHbr9usim9FuUdvl6CGs2csf2OiDDeaOngvR79ItHDktVDNx2o8fJ6x453e8cHaMCgOTcFb1tOCFA1Qvcbn8MCu4o3ruvGYmuIUGSfP6mGoeD120JoydeSo_gUXv1A9uzhLfMhhXYxungbliJxyuQ_7SZGPLUc2plWWj9xgZqGk-FK8StVWWlGwUp_2y4LVMehrZ2NCnU8XmuO6caEJdcn1BN5WKq3sP-o4TLdtroSZYdeVzYqC7VPR0vf_WGg3hat5pY-BdIlNklA9Z7heCbJP-gEPWFQXG_Zi6DRkaufAgTGbbcV9ZXVJliY7dIfE8lm_S-vegimpILvm8Y4ZmIy9f2t6L3rVsSYyYQk3w9QGRLVJT9cvNsfClM0nHUT8J7bl_Gd2dXTASBWDqcVO1oZql61-AyuBfAzwkR6Yn38E5TumrMmCdxV1tLD9Rh_8jXECsXLuAeN5xz2HuPVpnQNjJKb2yDhRlvSBtAGlWIfsa-OdtVhzJLfHhHLD3Y1gsq8xlY87hfwf4KRDpeD-UagQgYGy2bTCN4SpZ9IHE3_fpe5dtevB4CPIyHup6sDuUufGEnvamfVOI4I7Gkud3LRuj4HpTguklCLIwckkwk-yx1-5a5NttSaWB3eG1RSQu7qmJWOdGJOU_8TndgMlfWqb9_hL5_IMEABfBBqyE0yl6RvyMcnqqJJ7890EIwrunxNvIEi_9me9lGheG4oO9ngvjdXus7bmxiR_E62ivCgE7T9WKeAh50BVDl6ghCWHqb-GTNRlsF8xLpQYlOxCNsFVomWZ5wVACN_qINRp7e_S_rq0YbEcxoUbBK8JpTrwwAcThapqGXTnvS5OVG85xvRrvtNh0qczR2P55Ex2yNjvskyFi2XqzQOqY_q0vqJ6DXanqiEBcjzG9R_QfNr1fgFnQ9iRfOn6-klyGWM5JXkurEiSYJvVtKvAipX3F1Uiqdb3zyuALx4jk33KMF4g0YUFgJK9GhC-U8H4nSMM6JaokPYlh09Ae85mGOj5bnKbcMPTNifPo4BYQLF0ubL9rL-LQfXukHX3CfeaBtUG3g11Z0YYhQiaXfZ1a4cGbCJDKZMyobT8XLV8Pm5qL_fVVe1x7_isdJlohMA4dhliONI9gaWIgCCcmScKpERldI0likw-SoaTxga8aE7D4B0OEyOO0HOA9Jc48NXdKOCUUDGk2aDQ6ofSRCdgxqrJod1Q5MryVfXns-p9QDN5yQB0XMJ45qhf-Xsn-K-6dqQoMRDKGbLmTrOtSWdP0mWeKRwJjCgn-T-xMnswWtJ93prpm8H24xptMxvKlOEEcVSji7i_U_smx8TwXbhdXD7-JPoIaKdl00ggGP0OD1iaHGi8acXyz_H9pihNF5i8-NLQN9EEOgy-sjs3WM0ikAjKd7OED11XuXvFg4EhpBzFplkulFAZ4djQB6Z2ghMnFXBYbTbO3Nu9BIrCP9_XZ_WW7Pq6h4SA_Ep60v1lEt6-c0HaiONI2jHJqfb4NTpwFqIjaOvu1CUeqoqYWdwaECxBmYABIBI8GJCuvoiQqDxFiyaciRLXl_9uH3UPrrBcm4G2KWV7Z_gBh3bjxiD34tA-TTr6Ark3PaX3WJLIHLZH2W0rlJpAwVSdj2H3pLu7t5y6ItpbxaAlHuPkxAmXpKcxTtJlkXtP02QMdY5956Kyys6E1rHSBmAahYDoNGcnu7tNyXtcpkd_NsQXI-p0Vvo2s7xDSsrX-YECbbUsYfsXp7d2iqyS6tpS96MVpAqT5G4hI45ctdofpPWHvz7SFxwXBO3hffuTmbebk85AS5OOKMZHYNhd806apMTxQRpJ8j9ZKd67OrSObzmVBuljQ10XouBSRkHbw3QtQft4GzYgwKQS6Zju1QMZQNTS5rkGrXb_cY8olJI-Eec1ZaUEYBEUQGcnlgG2S8mDsbLHunvfOSq4S-sYZddAMRF-thWbVW-aD6QV4o12-CtFVIfPUvZkQRi4VCgIqY1yODtscqbngdYQSx2Kp5aWKDTz8J_YvDsG7RAouCtfNunYynUHyddOODwBr1NqsquLsUbYWSyEz8f4l1tQGZboe0qW-Kh6L2SNUslXCEutgkltTzUrqAHt8uL5hl_Lfivhp8ckASffRXwbQr8rtWdGbQxB20C1CyUdVvmrvcrZzRbE7SuchPb0z6El_Zj7tPP_pC154WCvQX_KlEmuCq3h1NLhSHDhy2xi1pMxRZl8uFfHp6n342clmw9ZJIkJqHAaRgbe9NPDdKbSqsKlSQ2TLnclaNqvfKaoKB8U9BH7PbLwgqABEUxpvcuuL8ok5ZtXTpd-fVutW2wKLhLJzMKcolQh_mKqyDzeFEfHz6doPW2ioh7YU02pjaGy_iQh_tfvJuYAgYR6Ep0HGwzpeEdlZgucb8iBNLLE0uSBQuIDPs0pARhPNJGk0AaTRPQMooMX4N2ipIko8BMBUgbWoYWx-4JmvLbW98GV9pv-SLPbqrx_fY64GLDlsHHHsURu1D0a8PeDbeaQfyFdq1IAvIn97Ev-ohBiQ7fCzk6F9AQ1GXaeBrd41wE9J4CPg5An2YAwSPXmpdeiS9aJ_4uZPQsLKkciJeG90iUoQVX1wnXbY7Ou4n8foJuQO_u3dGvCwXBtSvrZOw5wdD3lNHyCMS4Wa4fX14474zNxP4If6xivJtdmSyj6gJNQFEszb7k0QZNdIe3j3LeRw1GCymccJ9ySdnas8toyobODHcpvWLUr7kMeLB3fcW-oSzH8fmggkU-DfQiRFPzudQgX0RWfHN9hXbJlo0-aIkd7VDv5yvaA5uk9j_aATku6M3FigJTkm5Wb4Ij_HJFPQlWX5bcXo2If8NULMpDa4X_WLRkPBeItgH7bnKTIzAiDdzLDvGgfeaPCemavFIinHstOP9oGycLyp4RtMtWpCnc7pn1DSQXONlZIVldfFpG30M7WJTvDGS3ABIzYtu8yuGAOwHN2vqzr3L4e7RficTnpmgFe6pxhRo22fuqcXlcReJ17C-gSMRRyH7IZx6msy_7Omb1JGm7WLVR26wRSYsS-ZlC_nfheMGU4e8KpgUQx2FOSirznciD9yi3-atTj_QjVFbxvsr1j04RK6JlR-yjvDcWnTSOBJu2MdWJ1yhFWTTi2KvymmsSIvxcvpyfTFIRyPtwEDpnlQmNa2hN5TH7UfLgnjIUogaHiM64p2awZZm7L2VvvrBB7DwlCS8-3iI6c50Q4plx2cyQv32ZPdzAXGpIweW5mFxceFhngL2BAy9_O3gnwsFnuPICX8e1-tHlddAe1NuFVa_-dbfkFmY4QXRywQ9h1Ac5XOnU43XTJzBXrJLjtvepaFV7J287lQVcF3pMk_y_SyXL9lxtt0DkpfumlPhzf9hc4rjj8Yj_rsL0nnj_lM3y_4atA9wvK8A_8tmOiCBm5t8pqXQmwog6gKA3eO1_LYCO_K4UTN16nb17HHaV79bTqws6k3axF3l-_25tFakdo0JpneNvy8_6B8fBjqOim_pnYYNb9MvbXEsH4ylr94SHhn3mCoPU_Svg_7LX7DcwqHlQAjdqP63yKL4tIuxy6HPZAXffUJiwTJExg&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=11602339623542004000&adk=3062569608&idt=135&cac=0&dtd=22

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

44ce7ba46ff62986e910be45b4618240ec92852bae44f13323adb81aa33aeb25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37987
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A046 0
56 B 76ms
76ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9815452643603&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A046 0
56 B 84ms
83ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9815452643603&version=m202309260101&ct=77&x=1&cor=3767901123274362000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A046 16 KB
12 KB 80ms
79ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVmKLH0T-7FG3JitISmaDUiM0ajfVspUsr6VkenaXRnaljF-M1vqaiEoTFbU_RdtYyOBOaziTGrtw1cLBwonG4P6e4ivtB0-KZfFvEipxXbZMLIR54OnfP47LQIX8hkCEyPXb1UmdBrR4AXXty-nPNW-wId_RwdTSpyrzfVAMI9teCkBU&cry=1&dbm_d=AKAmf-BEkM6jyH4MJ0EP1_4WhoxsxpgHtSrEkYDKZNBf1sK8kKXCe1rTFjUCBuVwrnXgYg5HXaSCu4fNiaSfstXpQLNVUCB0vMbYYiWNZwxAgWkzIIbTYHFoRQ3q4ZGb2Fc0yW1cB3Gx4MJ8kf6cmGq_n3zd04E3aCaq75UE7QGv_s1O85Yf0r7zHFUJW0WUNGbMVwVr57bdgmmJjUlZfHfO8i15jMn6UjYHpmv2UdFTV8TYOtyfzau5NY9MczAuv6oyVAdzTea5amcXkUnlhj9DOM2zesKKJRnve9nLEV2hFZ6nbv8mLp3UaUhj8eLg6MbYa-YSXzxJrfmqW6DX1VEU4qhviGSaCAc0ghryp_8NQPt7n02-tIDHkRIbKv6hCQQdKjd8sOMuc3HL01Apm-yPOcd0-fDfn4grhcACwIopPmFuA44Z3663hHX6Ty0stdNvtm4RTGCB6cqaWrhl3NwVKxNeH0e-Ij-qfDn0vDTN83yIas0_BG-Ty29BxMQncMH3Qk_reDpoOhhuBSsbNZ-WypRNi-u9F18Fkflv6EQpqbXBakTT7nfMVzrqbkM80Je_gy_zui-Mt5bzxkqWDJbd5j7wRj-r_SgNLCVwF9pJbjw29K5W7GiKWpfd01Lsp3_JrVnaRBHolJNEmKNSKII15AECuUzH1Af8-D2KufIK0bTecFh49yqyiwaWedx0VYs5iEJgeLMvITrTHeen0LT6hXpua-vmGoyu2fqMCJvbVoXzoxAA6fQ4e7YtVop59P_GoUA3hfvzLtY1NOJSaYIKATv5yhpF1ILBJB_baFoHn_0YCQF4R7JbNPYerJOsiWfUgYgY7nnylnGzLLZ5LjrqOvNej5rPRgSCz5s0SD-SDpEdq8brjzf9nCVnjhWhYQd4wKrSjPdpPHrY4Upe_G8Jc9eBlVZ7UgstWZQEE7lainb5ApdlD-ml4swzt6XwxcHm2uJiAmTR-_ZcVNE0cbc6_Q5fx0Ifry1v-jILxuY6OPI631qTwyNBd5t6jL6bhgMFxQgXp7gSBe1LqivXNaER9XYQTg4Oi1OjtW-nK189-_JvaeIEPun_e-sgY79PbC0vee3OLwbRc76JPlVMeqiEKDeK-8THtUotLawsA3Ty-XHldHrG3METbIjV4sraZdC_Ohjc5ZNxPW0Y2wGI8AaFccvHCv2GG9mBXyHR5-17675s4WXMOmj0aY0HCb-Vxtxwwll3pEUrXA5dznbKEKeqXDOYqTkZMfAeO1k0k5dL2ygAqFc03T7k0HyrcwxnA3CFLJh9n1S4cE2bXNr7wsRiTrpaKaIcXGAQA24E_b484OcClD75HE5IWZF1dGYkrlKfPYV_EWXOpEM1ZjlwkZ_O1dGYMlgoDIOgBSUIGWQ9zg5_5bOGcOjaKYdfR4t7WqMCxvIvBcCqZ00bHclRrYt6_TDPj-_LXOn6o4E5HFzJN1hXCECrGxfXLbONjbRVpuaPMrE7baS9fJTkGUaVOK-nW_l2MsLQt1-jMOL1i87geyk3VBIS8MN6BSiGZHBEjTuzZnlQLnKeBFLh5YhDMTFsYaRqI9ZUOQbbCtU4ImLFJIUZqSCkuMgRuVuPEGLKya0hslXTXMu-OKdXLHG5RmrUnVCgkSnN9EK_Gfpx39V_C7ncmBScWRqtDDOHahF92sYzhdThpA8sOQKtdR36kbrRwmM6-VOFHbnldfh_AYDANjgVOD1MX8mGJhalmq5vWAMTSTNhnA2l2IqG1F_winfOgIdkAOFTo6y3n_HLcTGTHt6VdkgiLR_678kIJiZmW4Bj8VihPO1LGuEMyjJs8Lv_0IwQN-V6AoT6uChOC3m2bvEEZb32fGkqfcPIfeHrCMMop7Y0itvRnSgoQhJiBwK2wHIx6APvvOTULkesj1wJRG_NIYtpsiUqcXi7vygbreHU9iV0SUNNncsfiFfVVNAtwcIP8TslG-7EM3bbx9MAil_zQjZeY2tFWkR9E_O6dRH_VtkAYloFemJMSeHgImVEB5bptWNUWFzopqpBXbx9x4Uz65vjpuXylG4sigW8QYlH8JFJhl6I0KnSWk6kUo0WCqVuGhR_VNunhrZdK6oso7WKSlVojcK-3vnaseZ20a0MjX6On9CYqFwC7SpF0MiBCIEhFNaLT8iT0U7nPy-S621nDTiglapgsW4HtOxHafekUUxYv3rWhRCkoT8q3DkqaLvSeBqi45w1JYYaAFA4FPyAIb2mQZpx2EW_nhriF6p24x-PVM06MC0Q_TUsaTJKrZSiKTYDOfVEwzs75yhozKacoabiymuUP_kwTXeQVUdcnxa33Q5poNmTJEBFzjuLzuLDq0DC7fL6xeGw9Lrl4l16o6XLOmPc3CBEdcAMQ1CqUu1aFAlsgkS0Dla6rRa-ydGvwArOdygzm97b6adqwt3U4CWMV8J78eTktrwzgxjbVG_EgtSS_uhmUCmgKBBUaNEeIJeyN7gvlvE0bMyrnTa7UjcFdYCu9NNA18FZR9O2o33j65RYOEzcCKPmXaf4JZz3clH0bihADtjfJueCBc2iHFvejFNLXA9n7YRNYBGuRihL1bAIT2R3pGVX72nFm9TAOuj70Q4qEfEg-G1E6V9R7aH7WvD0LG43bosP8IhtcrHczZpJtCalz6NX8kONshhI9-dS-HBSdW5fiU3Eht68VUmkvDuLP06vC1diO9zQRqhfbndrB27LOuaL4qeKab9HmNQH2DeEh0Q1X5X8qgao12R97mfskYCwB5bnBXEXk1J0ySlO-BCZbrPtP0ZYC8cGenoNNhLWbhcZHe2pMXxrYTfUNYXw8hGcSGKDvfNlwGOYCFsS49DydjfwpIuEFkqHggN34X4fWKGONrOpyRmjbf_jSHe0f6jmzyODJurTrX4NfCQAcAKK7XJhyBVGeP1vCxaqZDRzAg5YdK6QPjVdsKElTv6h47u6MM1gHlmHUtqzfLtXPheXYCN0n2WEuMJSG5j6EBcEsi0RSn49U7RFGndBmt21fyb_Qsf-ZHAputS24Mrq7CcHPdSNBbhKXGA9qXl5GecWFt8DtXsDsB_ZMFbIEVnWJMsNCHTDqrr8cAamBo7G2BOjjAg6uexjG64_QQJdM2CQW1YRKB8gwb2WffUgfZnBrJnylOLVgwaNZ-uxIVzwdAREu3yv0MGQYey8f0fLgXXc4plBUYwBLRMUlFoZWDfgAojUhf2GveXF3dxge83K1NR-4jj0a1oWDGP2nQI0Ei87zDKWQx-c91eFtMEnIgIr-BwWF70Bi6kQQc3lag1yuZFsaTw90k3YXbPIulUPD3YEO5TmSGO0H13M5uLkHIdXERLjA1rAUjkgF7goQV0DQDqEhcflxY9ladSkPC76UMvlGhLdkBGEDeVZB7Btgv6L3QL9YC1-81oTb1IrrlZReqS7B1ePn0VISdyqkgruOCfOLiMaMVY2Zet7sSfI22IAMkA9BiMU1f1SiK2ZWnnUex_qtc50pp5KHkNgvfevBOr0c2A-WGrjlwgBwgbqIGT733cWgDOCQbd9ZQEX0Pssp-Dmkb1TIOhpTBslKz4nA1PpjTAI1SqYDZTSFORDJxpjBUJPeuWDWUW0ySigBrntwejacMCUmLA9OI5uUUg9cK3OKeCfLfUC_E0Meif7PhRRDiYyPqF-sfgcadubuD26jETXiPIoAj8iMe1f8yX2PFvH-7XYDufVUqwsoQadeofHIWJOIhSJcZaLeZ8uXfrghnMi4B8QLXLLTSfY6TXM7bqdr40n2fosyEaAw6FHNBG2JGN6DEHbNJWUXlIOauXI&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=3767901123274362000&adk=1405019969&idt=165&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

15bd89b4b3f694b9815c553cb3699da0aa21aaeea62eefac54d0f6259f1745ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CD4 0
56 B 77ms
76ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9500227918913&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CD4 0
56 B 98ms
97ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9500227918913&version=m202309260101&ct=77&x=1&cor=7573929915651489000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7CD4 16 KB
12 KB 113ms
112ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AVIR0HJqTKZ8Omz_yuyKjXSKGmxjUKGhBYknV7Cq5grob5Wf65XmD1bVnl52AG17mRvCvdInCsljIiOHaqDwUS4z2DmBgp-BfPFoqYChm9_umGcwunjr3FVNrGRYkK-Q1mMDDpeDX1iXIym9vHyUj3ZxVKgSxvDeXLvjUnKjHGw4x7o9Q&cry=1&dbm_d=AKAmf-Dqcng6c9Y8DI-lHY-jDG3MvnkeYTcCdNVX7GPoYwibfPZV3TWbS4xZKZgMxYqWLN5W6Qx5dxfEw9MCwojTgCjUD0CJHJHKG_Anmf_4WEME334PTWsYlLQYX3gL5qKdKPuP4I2a0mXRqcxbpp833KXGz98lOlZ6ctoFctEQ-ndIut37Qnuh9Cyh5FJAj5hKqJLiHJWnePbc3rJseaIizm5OauvTD8nsli6r-EJGzN2LCbTfYpGERAwmeAJTpiZgKgWc_ovIqmECK6x6pC85ONZD0ved3sXFYhx6nsgr_bXRFMm6ipaDV5TOEJ8xXq15icqvi8TalWiBSVT5hcwVMcJgYGnxwmvahBUsrwR7rmX3t59lD73k44sESDD2l-HTv5-xUdsI103YJhydLKXkCUkAt5l6zJxb9La3U5Lx2xFERRgS0veUWt76SJ53HshCoDPWb7A2IWZlJQzGbGO1w8CtxDkwD6bJO6VMYvQJVMBMKgCtUmea6pgg4AGmymYpnxuGW7lko3SxI8_wT68vxPOR4SS1yrGHdqTZyupZXw5wusy_Ku7UUehyR4Xc99PBL_vyuRLUdRAoW8d9rVMqPdHPllp52uFSO32-lRITg2XDevUwkKqbnP4NKoP9G5p48q70VvyogMeNxQn0k78Br5R1PcS02SvJ-j5LyA9c0BzK1ubJXJ4O1gdjIlep_KCeb4ywLux_p5YCbem3yPBMLONpugM1TM8EzbsSsyPKk-Y3h5PPk4zoplXO3GM7xSFoAvVrt5dy74H6AjAlxUl1L-j5grYETFUELwWD0Vvv0p8wjVvz5c6O1sahmnhuNHFSxUPeXSp4RM5lDbnVti2NC92I_IGWBzrm9jD0_68CCjX0dJYNKZPqUG4PrDZDdsZ24d2N6I2hbynvB0oVjsQc5gusx-OVaKGX1bhODElyqIJTq4GNjpYDf6weZH9YKFfrIggVo3h6jSi1MC5CUUhN4yDeJuecXn7KmEezrwN-KURWYjgK1G5BlyCKkeAoTeYdVSZHciL5JOQOslpxb77KdeiaAC6TnlMNfXKe6Rmf86sOlbHjc_gYayxffbEUVWaRzY4walZ0FzaP5aeRQ70BhKFsEPnbN_tSHHG8beFKc42HsBHrzX5hoTfhwvrOSJvYu5vZZ67QOLPvoBwF0QsNXOoDKyF-QuLrWA8tZXmKzrKux6R4nvEopUvp3NrLbypVwI2BJ3PuRJ40hKhmbEIdyNiTfucPwJyszGNBt_v1IupIXaiQ9MjXKw0Eedj5OsS7nGAhqdsxLHhe_ckd9DqNyq0aT6ozYXwtisFyOu9fhbolSTE8_mHXhvz8zTEAbeCyU0rfAjvcaTbY1zZrDaVkzTmc78U59o6mErvd1-45Yf5iEMQL_09aHIyp1BLAOTRhf6roFn1FWvgfdqxacilCeyZRsX9lnyQ9C49IiJNiK4d5_bPfMj2ANj0f3cFPZ8W3L_X3dNG3UUgSNhz60VXQBHiaEm9zf2DaEYkQujxDhOUd1KO51yL4lH7HIbL_9hAb6EpJbz3q60Obf_rjm852amqAtnviqgsR8I1Oezbl7a4GGpr7mhSX8siukzFApNq6zzWP80yNnB8FXo5gqH2V_dVgKF8f1nzv4aekKvLlD_AfdhoFnOxJyU0X1DAv3wMssCgadMy1lwzrClDow4cN3jUFYt79paDyWCCZfXOKwa_mt6viyOFNOhAUUflPwAyepu0jTjoFj6h0OYZRa3rUrRmXbhcG5a1wbmiaF39ODs_biTh7Wv4uOUS3yn8Ql6wxYKHgTmByAo3yzQ0YmvgwVwIyYwrgO1SheWyliSbYaTiFiOWKIzcBM0N-5dFm4gqPg_5-sGqFdZnX8l-4j6j4bxwaA2JGfCl8q04ZcdSK1aNBjy59bVE68B_jPlTTqWPY5gTX5slmKUUz9Ls_xTD7oMgXP1QHQVnUNL3ruI0x5RUgYTy9bZsAKe5KtQ5CJboDEx6xfAGbxuigP4xZpziBHVOOSgSNRHEFFmmn50NF92Xmt-LshteTWAjWBGjD6sTP6zgqr7Bc_jklDRc3o7gXnO8pnIVka6b4umRK4RuODCDfD8Om6Xv6421JcUyCnUeekNrveQaacLn4IE3tSrIGOR1SIF8SR66axwdeZHMxlgtfzj4aBR5MDkpHSy0l9I-Eg9Ml-oS-DyPK2rdyVDr7i7eF0n05uwti_uGvLeP0SfqYw9_6_WScH1TGKrcxktQ9OxZDwJgkOEIw1oitjXQZgjOx7_I922_eaCf02prr5xI2vie4Y23VYMKrPBHhKbhj5sCcRO7vdoKx_fudm8tew6ZAJcLg9ZOzZBWaOb1EA5bKXJ_XQZgKSg--ruPIBj7DZnDsDX6mGkLzgTMF3i5pzBfOrgmTqSdbTrFkDXhOWznzCBhBQhDOhuZZnoeQpQr7Emf3FgnMmmjXuWhSIud3TeSh3gRtaRrt0wSdH2XOSsc0-GRRbu8nu_sdnMnUd7YRbYvpWh1aJnGvflBhzImOmFVAmvyieJ0CpMaNMZ6TYq4z3gh3QTwHal1pNmYjD5-gC-Nt9dtXElGGFqbf1hYqU_MRniEjlvG_DpqkUBhFGac5iwaK6esiG6CvZ5pOXPZKcHosP2brQxc9rz4kHW4uXp9uaM4urr5IML069UY117ymxBkhpGrllchMF6fjU4InMiXHATR3hY4D984MTIj5XQ6cMOGaXVQMesx0xbaxJo0X5wAa06b_ER5djs3SCSJgzxyp9LNZJxrfbTUOgKMwI4norxw-tgiUXrEi42Ep00URylowtPwveBFd9_oh5IIWr5urvz6q8Gck2U0WophjDcQgMmE9xm4cMzCe_FvWySeQE5VhgBz8JBEZs_g75pX8_vwZrnuDFoYmilu3lLG5mekXvSy_0z9k6LQFzZ1kwzjVEMccwDL39zPYpqtP4WqGbKHi99BLQW97_99Bc_KdnepAA0WQnxuGmwmpHe2YddVMDOqf5Xckhg6AMJphd2GBfNu0o2SC-niew9h6ah7-45FJlfvgNveFL3EGYQcPZ6BoA-axVtAmlZz8TETs4kB1kU975pnA21qEskSpQxxD5PRDjbjdzsjnkYnGAml90I60K41L1ArugN0xzpLm_qK3HwL02PCEX6KHi70ZYPn2GrV4LMdHFBxjaJiL-Xzbsiebyrw2YAzkn2J7ZkpOhzwqn-8Ueocv1a2VZp0V0Xz8TYYJkweY6C36tfmczc2d7m8DMItN-uaN8YNINiMCYU6Ui8agDTuuhlSul6Nd5ro2n_gE5WZv0RfyeVaaYGFdpV4pa7bUImiMpcQrsgf_LPeuyGC-JAJF-YcHDedIo6AItC6nOimKxab3XX3SXxvucsIf2HwU3kisH8ch3l9y_b8KMLTGdZJUxZkcXXWy3cT39LmJjUY83e-_5hWkz5KYWPp415vI-KjnXKGAbxGCFZJzrgcGd7K6SqyU21HH5MXGUPsHFuYQuSOrMjHQJBJa5rV-6nRHYA1gX_hmzWNuVnQjKi0sTzEiz-OOAMYiHEIN_WtkKz-Btjf6YwAkX8fwuHlMQQ_kqFC80Dkd9EQvNbfaAMaPm75H7QW6bfSYo8at-8_85-2L_jM81YKB3Kh0EUbE0hHCbMRgkh4HL_EYHgzlD__B2eNll4FVO8_p-POO7kSl3M-rRjy3RaY6IUaASw4ELCgU9YXiNMo_IA0bHAI5rtrZ5VmVTQYSaa_zR0eDH9_RRl9UXy0Nlxrkp76PIMUcmp1g9JM6Ue7EGJqU0jrclsBhVfiO&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=7573929915651489000&adk=1935140218&idt=193&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

89549e135bde576577a5883d2015fd13920f12f3ddb0bfbfd0e69adfb1f77ef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12218
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 9AC9 111 KB
39 KB 536ms
87ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 07:03:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79641
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Oct 2023 07:03:24 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame 9AC9 11 KB
4 KB 53ms
53ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJAFYF73UXR7DIpq-uiQelrTzrU0GUFrEq_A0lUoUAA6QW-GGnPd8dOEt33yxrNp-xy7AKjFmId4FVEcMd_7AE-361pBTmY8AWCwL7YorjMYjGHLxxk0YZclLeU_fQTbLWgyC2tScMIE2Gr2VNRgK4gzMnNhFUjHzlVsxMF-2B4AudbnM&cry=1&dbm_d=AKAmf-CACvf5BgoC4KMNDG35j4EJaYh8pxTK3FefWGlQ0KGqxBJE4_K0H_8T9fSvaQ5uvgMJw0MWV2pNI-bsLiuAWzz5vpLlKzN-T-3CweoSlypedCtg2HONYbx8duw6DkOt2UOs3bsSSIahRGJqvLWZMOtAk6Rp6gvQV3GFzegkK7CV7Tiup6do_0qoIWvNOiKcQ5g0BVx_-ficlbDBI1QpiqVvVgyXnw2Zm4W4QvlW26HitiqivTO2Ycz7574AKRHTK814dV9Nv0zTv8V8_d1s8X4uLHukKYFto_uErXdfvXLvElJZyttgR1CCqv2LUCnwRrPDYUpNuGaAMde5kH81D78kuC_DnEGfngWSb9vCJqpXqpAkkhZHu7C8OnRIzdAZDhfPxLzFZkrmESGmJTCh9hYqq1rSBG3J3zigROHRNt_lFOYnp23ppfW8Bs0aP8Vefdx7x-OWOsu-yNhW2Ar9aMyKAQLVEQitHbr9usim9FuUdvl6CGs2csf2OiDDeaOngvR79ItHDktVDNx2o8fJ6x453e8cHaMCgOTcFb1tOCFA1Qvcbn8MCu4o3ruvGYmuIUGSfP6mGoeD120JoydeSo_gUXv1A9uzhLfMhhXYxungbliJxyuQ_7SZGPLUc2plWWj9xgZqGk-FK8StVWWlGwUp_2y4LVMehrZ2NCnU8XmuO6caEJdcn1BN5WKq3sP-o4TLdtroSZYdeVzYqC7VPR0vf_WGg3hat5pY-BdIlNklA9Z7heCbJP-gEPWFQXG_Zi6DRkaufAgTGbbcV9ZXVJliY7dIfE8lm_S-vegimpILvm8Y4ZmIy9f2t6L3rVsSYyYQk3w9QGRLVJT9cvNsfClM0nHUT8J7bl_Gd2dXTASBWDqcVO1oZql61-AyuBfAzwkR6Yn38E5TumrMmCdxV1tLD9Rh_8jXECsXLuAeN5xz2HuPVpnQNjJKb2yDhRlvSBtAGlWIfsa-OdtVhzJLfHhHLD3Y1gsq8xlY87hfwf4KRDpeD-UagQgYGy2bTCN4SpZ9IHE3_fpe5dtevB4CPIyHup6sDuUufGEnvamfVOI4I7Gkud3LRuj4HpTguklCLIwckkwk-yx1-5a5NttSaWB3eG1RSQu7qmJWOdGJOU_8TndgMlfWqb9_hL5_IMEABfBBqyE0yl6RvyMcnqqJJ7890EIwrunxNvIEi_9me9lGheG4oO9ngvjdXus7bmxiR_E62ivCgE7T9WKeAh50BVDl6ghCWHqb-GTNRlsF8xLpQYlOxCNsFVomWZ5wVACN_qINRp7e_S_rq0YbEcxoUbBK8JpTrwwAcThapqGXTnvS5OVG85xvRrvtNh0qczR2P55Ex2yNjvskyFi2XqzQOqY_q0vqJ6DXanqiEBcjzG9R_QfNr1fgFnQ9iRfOn6-klyGWM5JXkurEiSYJvVtKvAipX3F1Uiqdb3zyuALx4jk33KMF4g0YUFgJK9GhC-U8H4nSMM6JaokPYlh09Ae85mGOj5bnKbcMPTNifPo4BYQLF0ubL9rL-LQfXukHX3CfeaBtUG3g11Z0YYhQiaXfZ1a4cGbCJDKZMyobT8XLV8Pm5qL_fVVe1x7_isdJlohMA4dhliONI9gaWIgCCcmScKpERldI0likw-SoaTxga8aE7D4B0OEyOO0HOA9Jc48NXdKOCUUDGk2aDQ6ofSRCdgxqrJod1Q5MryVfXns-p9QDN5yQB0XMJ45qhf-Xsn-K-6dqQoMRDKGbLmTrOtSWdP0mWeKRwJjCgn-T-xMnswWtJ93prpm8H24xptMxvKlOEEcVSji7i_U_smx8TwXbhdXD7-JPoIaKdl00ggGP0OD1iaHGi8acXyz_H9pihNF5i8-NLQN9EEOgy-sjs3WM0ikAjKd7OED11XuXvFg4EhpBzFplkulFAZ4djQB6Z2ghMnFXBYbTbO3Nu9BIrCP9_XZ_WW7Pq6h4SA_Ep60v1lEt6-c0HaiONI2jHJqfb4NTpwFqIjaOvu1CUeqoqYWdwaECxBmYABIBI8GJCuvoiQqDxFiyaciRLXl_9uH3UPrrBcm4G2KWV7Z_gBh3bjxiD34tA-TTr6Ark3PaX3WJLIHLZH2W0rlJpAwVSdj2H3pLu7t5y6ItpbxaAlHuPkxAmXpKcxTtJlkXtP02QMdY5956Kyys6E1rHSBmAahYDoNGcnu7tNyXtcpkd_NsQXI-p0Vvo2s7xDSsrX-YECbbUsYfsXp7d2iqyS6tpS96MVpAqT5G4hI45ctdofpPWHvz7SFxwXBO3hffuTmbebk85AS5OOKMZHYNhd806apMTxQRpJ8j9ZKd67OrSObzmVBuljQ10XouBSRkHbw3QtQft4GzYgwKQS6Zju1QMZQNTS5rkGrXb_cY8olJI-Eec1ZaUEYBEUQGcnlgG2S8mDsbLHunvfOSq4S-sYZddAMRF-thWbVW-aD6QV4o12-CtFVIfPUvZkQRi4VCgIqY1yODtscqbngdYQSx2Kp5aWKDTz8J_YvDsG7RAouCtfNunYynUHyddOODwBr1NqsquLsUbYWSyEz8f4l1tQGZboe0qW-Kh6L2SNUslXCEutgkltTzUrqAHt8uL5hl_Lfivhp8ckASffRXwbQr8rtWdGbQxB20C1CyUdVvmrvcrZzRbE7SuchPb0z6El_Zj7tPP_pC154WCvQX_KlEmuCq3h1NLhSHDhy2xi1pMxRZl8uFfHp6n342clmw9ZJIkJqHAaRgbe9NPDdKbSqsKlSQ2TLnclaNqvfKaoKB8U9BH7PbLwgqABEUxpvcuuL8ok5ZtXTpd-fVutW2wKLhLJzMKcolQh_mKqyDzeFEfHz6doPW2ioh7YU02pjaGy_iQh_tfvJuYAgYR6Ep0HGwzpeEdlZgucb8iBNLLE0uSBQuIDPs0pARhPNJGk0AaTRPQMooMX4N2ipIko8BMBUgbWoYWx-4JmvLbW98GV9pv-SLPbqrx_fY64GLDlsHHHsURu1D0a8PeDbeaQfyFdq1IAvIn97Ev-ohBiQ7fCzk6F9AQ1GXaeBrd41wE9J4CPg5An2YAwSPXmpdeiS9aJ_4uZPQsLKkciJeG90iUoQVX1wnXbY7Ou4n8foJuQO_u3dGvCwXBtSvrZOw5wdD3lNHyCMS4Wa4fX14474zNxP4If6xivJtdmSyj6gJNQFEszb7k0QZNdIe3j3LeRw1GCymccJ9ySdnas8toyobODHcpvWLUr7kMeLB3fcW-oSzH8fmggkU-DfQiRFPzudQgX0RWfHN9hXbJlo0-aIkd7VDv5yvaA5uk9j_aATku6M3FigJTkm5Wb4Ij_HJFPQlWX5bcXo2If8NULMpDa4X_WLRkPBeItgH7bnKTIzAiDdzLDvGgfeaPCemavFIinHstOP9oGycLyp4RtMtWpCnc7pn1DSQXONlZIVldfFpG30M7WJTvDGS3ABIzYtu8yuGAOwHN2vqzr3L4e7RficTnpmgFe6pxhRo22fuqcXlcReJ17C-gSMRRyH7IZx6msy_7Omb1JGm7WLVR26wRSYsS-ZlC_nfheMGU4e8KpgUQx2FOSirznciD9yi3-atTj_QjVFbxvsr1j04RK6JlR-yjvDcWnTSOBJu2MdWJ1yhFWTTi2KvymmsSIvxcvpyfTFIRyPtwEDpnlQmNa2hN5TH7UfLgnjIUogaHiM64p2awZZm7L2VvvrBB7DwlCS8-3iI6c50Q4plx2cyQv32ZPdzAXGpIweW5mFxceFhngL2BAy9_O3gnwsFnuPICX8e1-tHlddAe1NuFVa_-dbfkFmY4QXRywQ9h1Ac5XOnU43XTJzBXrJLjtvepaFV7J287lQVcF3pMk_y_SyXL9lxtt0DkpfumlPhzf9hc4rjj8Yj_rsL0nnj_lM3y_4atA9wvK8A_8tmOiCBm5t8pqXQmwog6gKA3eO1_LYCO_K4UTN16nb17HHaV79bTqws6k3axF3l-_25tFakdo0JpneNvy8_6B8fBjqOim_pnYYNb9MvbXEsH4ylr94SHhn3mCoPU_Svg_7LX7DcwqHlQAjdqP63yKL4tIuxy6HPZAXffUJiwTJExg&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=11602339623542004000&adk=3062569608&idt=135&cac=0&dtd=22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:48:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55363
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:48:02 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/ Frame 9AC9 30 KB
11 KB 49ms
49ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:48:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55314
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:48:51 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9AC9 41 KB
14 KB 49ms
49ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 578657
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame E5F4 37 KB
14 KB 69ms
68ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A046 41 KB
13 KB 69ms
68ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVmKLH0T-7FG3JitISmaDUiM0ajfVspUsr6VkenaXRnaljF-M1vqaiEoTFbU_RdtYyOBOaziTGrtw1cLBwonG4P6e4ivtB0-KZfFvEipxXbZMLIR54OnfP47LQIX8hkCEyPXb1UmdBrR4AXXty-nPNW-wId_RwdTSpyrzfVAMI9teCkBU&cry=1&dbm_d=AKAmf-BEkM6jyH4MJ0EP1_4WhoxsxpgHtSrEkYDKZNBf1sK8kKXCe1rTFjUCBuVwrnXgYg5HXaSCu4fNiaSfstXpQLNVUCB0vMbYYiWNZwxAgWkzIIbTYHFoRQ3q4ZGb2Fc0yW1cB3Gx4MJ8kf6cmGq_n3zd04E3aCaq75UE7QGv_s1O85Yf0r7zHFUJW0WUNGbMVwVr57bdgmmJjUlZfHfO8i15jMn6UjYHpmv2UdFTV8TYOtyfzau5NY9MczAuv6oyVAdzTea5amcXkUnlhj9DOM2zesKKJRnve9nLEV2hFZ6nbv8mLp3UaUhj8eLg6MbYa-YSXzxJrfmqW6DX1VEU4qhviGSaCAc0ghryp_8NQPt7n02-tIDHkRIbKv6hCQQdKjd8sOMuc3HL01Apm-yPOcd0-fDfn4grhcACwIopPmFuA44Z3663hHX6Ty0stdNvtm4RTGCB6cqaWrhl3NwVKxNeH0e-Ij-qfDn0vDTN83yIas0_BG-Ty29BxMQncMH3Qk_reDpoOhhuBSsbNZ-WypRNi-u9F18Fkflv6EQpqbXBakTT7nfMVzrqbkM80Je_gy_zui-Mt5bzxkqWDJbd5j7wRj-r_SgNLCVwF9pJbjw29K5W7GiKWpfd01Lsp3_JrVnaRBHolJNEmKNSKII15AECuUzH1Af8-D2KufIK0bTecFh49yqyiwaWedx0VYs5iEJgeLMvITrTHeen0LT6hXpua-vmGoyu2fqMCJvbVoXzoxAA6fQ4e7YtVop59P_GoUA3hfvzLtY1NOJSaYIKATv5yhpF1ILBJB_baFoHn_0YCQF4R7JbNPYerJOsiWfUgYgY7nnylnGzLLZ5LjrqOvNej5rPRgSCz5s0SD-SDpEdq8brjzf9nCVnjhWhYQd4wKrSjPdpPHrY4Upe_G8Jc9eBlVZ7UgstWZQEE7lainb5ApdlD-ml4swzt6XwxcHm2uJiAmTR-_ZcVNE0cbc6_Q5fx0Ifry1v-jILxuY6OPI631qTwyNBd5t6jL6bhgMFxQgXp7gSBe1LqivXNaER9XYQTg4Oi1OjtW-nK189-_JvaeIEPun_e-sgY79PbC0vee3OLwbRc76JPlVMeqiEKDeK-8THtUotLawsA3Ty-XHldHrG3METbIjV4sraZdC_Ohjc5ZNxPW0Y2wGI8AaFccvHCv2GG9mBXyHR5-17675s4WXMOmj0aY0HCb-Vxtxwwll3pEUrXA5dznbKEKeqXDOYqTkZMfAeO1k0k5dL2ygAqFc03T7k0HyrcwxnA3CFLJh9n1S4cE2bXNr7wsRiTrpaKaIcXGAQA24E_b484OcClD75HE5IWZF1dGYkrlKfPYV_EWXOpEM1ZjlwkZ_O1dGYMlgoDIOgBSUIGWQ9zg5_5bOGcOjaKYdfR4t7WqMCxvIvBcCqZ00bHclRrYt6_TDPj-_LXOn6o4E5HFzJN1hXCECrGxfXLbONjbRVpuaPMrE7baS9fJTkGUaVOK-nW_l2MsLQt1-jMOL1i87geyk3VBIS8MN6BSiGZHBEjTuzZnlQLnKeBFLh5YhDMTFsYaRqI9ZUOQbbCtU4ImLFJIUZqSCkuMgRuVuPEGLKya0hslXTXMu-OKdXLHG5RmrUnVCgkSnN9EK_Gfpx39V_C7ncmBScWRqtDDOHahF92sYzhdThpA8sOQKtdR36kbrRwmM6-VOFHbnldfh_AYDANjgVOD1MX8mGJhalmq5vWAMTSTNhnA2l2IqG1F_winfOgIdkAOFTo6y3n_HLcTGTHt6VdkgiLR_678kIJiZmW4Bj8VihPO1LGuEMyjJs8Lv_0IwQN-V6AoT6uChOC3m2bvEEZb32fGkqfcPIfeHrCMMop7Y0itvRnSgoQhJiBwK2wHIx6APvvOTULkesj1wJRG_NIYtpsiUqcXi7vygbreHU9iV0SUNNncsfiFfVVNAtwcIP8TslG-7EM3bbx9MAil_zQjZeY2tFWkR9E_O6dRH_VtkAYloFemJMSeHgImVEB5bptWNUWFzopqpBXbx9x4Uz65vjpuXylG4sigW8QYlH8JFJhl6I0KnSWk6kUo0WCqVuGhR_VNunhrZdK6oso7WKSlVojcK-3vnaseZ20a0MjX6On9CYqFwC7SpF0MiBCIEhFNaLT8iT0U7nPy-S621nDTiglapgsW4HtOxHafekUUxYv3rWhRCkoT8q3DkqaLvSeBqi45w1JYYaAFA4FPyAIb2mQZpx2EW_nhriF6p24x-PVM06MC0Q_TUsaTJKrZSiKTYDOfVEwzs75yhozKacoabiymuUP_kwTXeQVUdcnxa33Q5poNmTJEBFzjuLzuLDq0DC7fL6xeGw9Lrl4l16o6XLOmPc3CBEdcAMQ1CqUu1aFAlsgkS0Dla6rRa-ydGvwArOdygzm97b6adqwt3U4CWMV8J78eTktrwzgxjbVG_EgtSS_uhmUCmgKBBUaNEeIJeyN7gvlvE0bMyrnTa7UjcFdYCu9NNA18FZR9O2o33j65RYOEzcCKPmXaf4JZz3clH0bihADtjfJueCBc2iHFvejFNLXA9n7YRNYBGuRihL1bAIT2R3pGVX72nFm9TAOuj70Q4qEfEg-G1E6V9R7aH7WvD0LG43bosP8IhtcrHczZpJtCalz6NX8kONshhI9-dS-HBSdW5fiU3Eht68VUmkvDuLP06vC1diO9zQRqhfbndrB27LOuaL4qeKab9HmNQH2DeEh0Q1X5X8qgao12R97mfskYCwB5bnBXEXk1J0ySlO-BCZbrPtP0ZYC8cGenoNNhLWbhcZHe2pMXxrYTfUNYXw8hGcSGKDvfNlwGOYCFsS49DydjfwpIuEFkqHggN34X4fWKGONrOpyRmjbf_jSHe0f6jmzyODJurTrX4NfCQAcAKK7XJhyBVGeP1vCxaqZDRzAg5YdK6QPjVdsKElTv6h47u6MM1gHlmHUtqzfLtXPheXYCN0n2WEuMJSG5j6EBcEsi0RSn49U7RFGndBmt21fyb_Qsf-ZHAputS24Mrq7CcHPdSNBbhKXGA9qXl5GecWFt8DtXsDsB_ZMFbIEVnWJMsNCHTDqrr8cAamBo7G2BOjjAg6uexjG64_QQJdM2CQW1YRKB8gwb2WffUgfZnBrJnylOLVgwaNZ-uxIVzwdAREu3yv0MGQYey8f0fLgXXc4plBUYwBLRMUlFoZWDfgAojUhf2GveXF3dxge83K1NR-4jj0a1oWDGP2nQI0Ei87zDKWQx-c91eFtMEnIgIr-BwWF70Bi6kQQc3lag1yuZFsaTw90k3YXbPIulUPD3YEO5TmSGO0H13M5uLkHIdXERLjA1rAUjkgF7goQV0DQDqEhcflxY9ladSkPC76UMvlGhLdkBGEDeVZB7Btgv6L3QL9YC1-81oTb1IrrlZReqS7B1ePn0VISdyqkgruOCfOLiMaMVY2Zet7sSfI22IAMkA9BiMU1f1SiK2ZWnnUex_qtc50pp5KHkNgvfevBOr0c2A-WGrjlwgBwgbqIGT733cWgDOCQbd9ZQEX0Pssp-Dmkb1TIOhpTBslKz4nA1PpjTAI1SqYDZTSFORDJxpjBUJPeuWDWUW0ySigBrntwejacMCUmLA9OI5uUUg9cK3OKeCfLfUC_E0Meif7PhRRDiYyPqF-sfgcadubuD26jETXiPIoAj8iMe1f8yX2PFvH-7XYDufVUqwsoQadeofHIWJOIhSJcZaLeZ8uXfrghnMi4B8QLXLLTSfY6TXM7bqdr40n2fosyEaAw6FHNBG2JGN6DEHbNJWUXlIOauXI&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=3767901123274362000&adk=1405019969&idt=165&cac=0&dtd=4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 578657
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H/1.1 200
OK dvbs_src_internal122.js Show response
cdn.doubleverify.com/ Frame A046 60 KB
20 KB 68ms
67ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal122.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=4890745&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0jUTbiNFjtBQbHyS7_Vyfw5&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396440060&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&turl=https://www.babup.com/&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: b59e0c0d1cf93db01c65f1357aedb1b27cf41998f06af03d1039bb18e83b5f86

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2023 09:51:46 GMT
Server: UploadServer
ETag: "676309fe6e3823d28d9b38e6462bb025"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19669
Expires: Fri, 04 Oct 2024 05:10:45 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7303 22 KB
8 KB 62ms
58ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 578657
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 12:26:28 GMT
expires: Fri, 27 Sep 2024 12:26:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 25F8 22 KB
8 KB 62ms
61ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 578657
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 12:26:28 GMT
expires: Fri, 27 Sep 2024 12:26:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 7CD4 41 KB
14 KB 49ms
49ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AVIR0HJqTKZ8Omz_yuyKjXSKGmxjUKGhBYknV7Cq5grob5Wf65XmD1bVnl52AG17mRvCvdInCsljIiOHaqDwUS4z2DmBgp-BfPFoqYChm9_umGcwunjr3FVNrGRYkK-Q1mMDDpeDX1iXIym9vHyUj3ZxVKgSxvDeXLvjUnKjHGw4x7o9Q&cry=1&dbm_d=AKAmf-Dqcng6c9Y8DI-lHY-jDG3MvnkeYTcCdNVX7GPoYwibfPZV3TWbS4xZKZgMxYqWLN5W6Qx5dxfEw9MCwojTgCjUD0CJHJHKG_Anmf_4WEME334PTWsYlLQYX3gL5qKdKPuP4I2a0mXRqcxbpp833KXGz98lOlZ6ctoFctEQ-ndIut37Qnuh9Cyh5FJAj5hKqJLiHJWnePbc3rJseaIizm5OauvTD8nsli6r-EJGzN2LCbTfYpGERAwmeAJTpiZgKgWc_ovIqmECK6x6pC85ONZD0ved3sXFYhx6nsgr_bXRFMm6ipaDV5TOEJ8xXq15icqvi8TalWiBSVT5hcwVMcJgYGnxwmvahBUsrwR7rmX3t59lD73k44sESDD2l-HTv5-xUdsI103YJhydLKXkCUkAt5l6zJxb9La3U5Lx2xFERRgS0veUWt76SJ53HshCoDPWb7A2IWZlJQzGbGO1w8CtxDkwD6bJO6VMYvQJVMBMKgCtUmea6pgg4AGmymYpnxuGW7lko3SxI8_wT68vxPOR4SS1yrGHdqTZyupZXw5wusy_Ku7UUehyR4Xc99PBL_vyuRLUdRAoW8d9rVMqPdHPllp52uFSO32-lRITg2XDevUwkKqbnP4NKoP9G5p48q70VvyogMeNxQn0k78Br5R1PcS02SvJ-j5LyA9c0BzK1ubJXJ4O1gdjIlep_KCeb4ywLux_p5YCbem3yPBMLONpugM1TM8EzbsSsyPKk-Y3h5PPk4zoplXO3GM7xSFoAvVrt5dy74H6AjAlxUl1L-j5grYETFUELwWD0Vvv0p8wjVvz5c6O1sahmnhuNHFSxUPeXSp4RM5lDbnVti2NC92I_IGWBzrm9jD0_68CCjX0dJYNKZPqUG4PrDZDdsZ24d2N6I2hbynvB0oVjsQc5gusx-OVaKGX1bhODElyqIJTq4GNjpYDf6weZH9YKFfrIggVo3h6jSi1MC5CUUhN4yDeJuecXn7KmEezrwN-KURWYjgK1G5BlyCKkeAoTeYdVSZHciL5JOQOslpxb77KdeiaAC6TnlMNfXKe6Rmf86sOlbHjc_gYayxffbEUVWaRzY4walZ0FzaP5aeRQ70BhKFsEPnbN_tSHHG8beFKc42HsBHrzX5hoTfhwvrOSJvYu5vZZ67QOLPvoBwF0QsNXOoDKyF-QuLrWA8tZXmKzrKux6R4nvEopUvp3NrLbypVwI2BJ3PuRJ40hKhmbEIdyNiTfucPwJyszGNBt_v1IupIXaiQ9MjXKw0Eedj5OsS7nGAhqdsxLHhe_ckd9DqNyq0aT6ozYXwtisFyOu9fhbolSTE8_mHXhvz8zTEAbeCyU0rfAjvcaTbY1zZrDaVkzTmc78U59o6mErvd1-45Yf5iEMQL_09aHIyp1BLAOTRhf6roFn1FWvgfdqxacilCeyZRsX9lnyQ9C49IiJNiK4d5_bPfMj2ANj0f3cFPZ8W3L_X3dNG3UUgSNhz60VXQBHiaEm9zf2DaEYkQujxDhOUd1KO51yL4lH7HIbL_9hAb6EpJbz3q60Obf_rjm852amqAtnviqgsR8I1Oezbl7a4GGpr7mhSX8siukzFApNq6zzWP80yNnB8FXo5gqH2V_dVgKF8f1nzv4aekKvLlD_AfdhoFnOxJyU0X1DAv3wMssCgadMy1lwzrClDow4cN3jUFYt79paDyWCCZfXOKwa_mt6viyOFNOhAUUflPwAyepu0jTjoFj6h0OYZRa3rUrRmXbhcG5a1wbmiaF39ODs_biTh7Wv4uOUS3yn8Ql6wxYKHgTmByAo3yzQ0YmvgwVwIyYwrgO1SheWyliSbYaTiFiOWKIzcBM0N-5dFm4gqPg_5-sGqFdZnX8l-4j6j4bxwaA2JGfCl8q04ZcdSK1aNBjy59bVE68B_jPlTTqWPY5gTX5slmKUUz9Ls_xTD7oMgXP1QHQVnUNL3ruI0x5RUgYTy9bZsAKe5KtQ5CJboDEx6xfAGbxuigP4xZpziBHVOOSgSNRHEFFmmn50NF92Xmt-LshteTWAjWBGjD6sTP6zgqr7Bc_jklDRc3o7gXnO8pnIVka6b4umRK4RuODCDfD8Om6Xv6421JcUyCnUeekNrveQaacLn4IE3tSrIGOR1SIF8SR66axwdeZHMxlgtfzj4aBR5MDkpHSy0l9I-Eg9Ml-oS-DyPK2rdyVDr7i7eF0n05uwti_uGvLeP0SfqYw9_6_WScH1TGKrcxktQ9OxZDwJgkOEIw1oitjXQZgjOx7_I922_eaCf02prr5xI2vie4Y23VYMKrPBHhKbhj5sCcRO7vdoKx_fudm8tew6ZAJcLg9ZOzZBWaOb1EA5bKXJ_XQZgKSg--ruPIBj7DZnDsDX6mGkLzgTMF3i5pzBfOrgmTqSdbTrFkDXhOWznzCBhBQhDOhuZZnoeQpQr7Emf3FgnMmmjXuWhSIud3TeSh3gRtaRrt0wSdH2XOSsc0-GRRbu8nu_sdnMnUd7YRbYvpWh1aJnGvflBhzImOmFVAmvyieJ0CpMaNMZ6TYq4z3gh3QTwHal1pNmYjD5-gC-Nt9dtXElGGFqbf1hYqU_MRniEjlvG_DpqkUBhFGac5iwaK6esiG6CvZ5pOXPZKcHosP2brQxc9rz4kHW4uXp9uaM4urr5IML069UY117ymxBkhpGrllchMF6fjU4InMiXHATR3hY4D984MTIj5XQ6cMOGaXVQMesx0xbaxJo0X5wAa06b_ER5djs3SCSJgzxyp9LNZJxrfbTUOgKMwI4norxw-tgiUXrEi42Ep00URylowtPwveBFd9_oh5IIWr5urvz6q8Gck2U0WophjDcQgMmE9xm4cMzCe_FvWySeQE5VhgBz8JBEZs_g75pX8_vwZrnuDFoYmilu3lLG5mekXvSy_0z9k6LQFzZ1kwzjVEMccwDL39zPYpqtP4WqGbKHi99BLQW97_99Bc_KdnepAA0WQnxuGmwmpHe2YddVMDOqf5Xckhg6AMJphd2GBfNu0o2SC-niew9h6ah7-45FJlfvgNveFL3EGYQcPZ6BoA-axVtAmlZz8TETs4kB1kU975pnA21qEskSpQxxD5PRDjbjdzsjnkYnGAml90I60K41L1ArugN0xzpLm_qK3HwL02PCEX6KHi70ZYPn2GrV4LMdHFBxjaJiL-Xzbsiebyrw2YAzkn2J7ZkpOhzwqn-8Ueocv1a2VZp0V0Xz8TYYJkweY6C36tfmczc2d7m8DMItN-uaN8YNINiMCYU6Ui8agDTuuhlSul6Nd5ro2n_gE5WZv0RfyeVaaYGFdpV4pa7bUImiMpcQrsgf_LPeuyGC-JAJF-YcHDedIo6AItC6nOimKxab3XX3SXxvucsIf2HwU3kisH8ch3l9y_b8KMLTGdZJUxZkcXXWy3cT39LmJjUY83e-_5hWkz5KYWPp415vI-KjnXKGAbxGCFZJzrgcGd7K6SqyU21HH5MXGUPsHFuYQuSOrMjHQJBJa5rV-6nRHYA1gX_hmzWNuVnQjKi0sTzEiz-OOAMYiHEIN_WtkKz-Btjf6YwAkX8fwuHlMQQ_kqFC80Dkd9EQvNbfaAMaPm75H7QW6bfSYo8at-8_85-2L_jM81YKB3Kh0EUbE0hHCbMRgkh4HL_EYHgzlD__B2eNll4FVO8_p-POO7kSl3M-rRjy3RaY6IUaASw4ELCgU9YXiNMo_IA0bHAI5rtrZ5VmVTQYSaa_zR0eDH9_RRl9UXy0Nlxrkp76PIMUcmp1g9JM6Ue7EGJqU0jrclsBhVfiO&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=7573929915651489000&adk=1935140218&idt=193&cac=0&dtd=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 23:39:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19893
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Oct 2024 23:39:12 GMT

GET
H/1.1 200
OK dvbs_src_internal122.js Show response
cdn.doubleverify.com/ Frame 7CD4 60 KB
20 KB 48ms
47ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal122.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115750&plc=4890742&sid=18330&dvregion=0&unit=160x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0gYrMu72EZvedGKrggi-_zQ&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396455419&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&turl=https://www.babup.com/&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: b59e0c0d1cf93db01c65f1357aedb1b27cf41998f06af03d1039bb18e83b5f86

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Oct 2023 09:51:46 GMT
Server: UploadServer
ETag: "676309fe6e3823d28d9b38e6462bb025"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19669
Expires: Fri, 04 Oct 2024 05:10:45 GMT

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame A046 1 KB
919 B 270ms
55ms Script
text/javascript 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_6919818503&jsTagObjCallback=__tagObject_callback_6919818503&num=6&ctx=1828362&cmp=115750&plc=4890745&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=6919818503&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.60&dvpx_strhd=0.60&brid=3&brver=89&bridua=3&dup=null&turl=https://www.babup.com/&chro=1&hist=3&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0jUTbiNFjtBQbHyS7_Vyfw5&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396440060&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&DVP_PP_BUNDLE_ID=&prr=1&m1=13&noc=4&fcifrms=15&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=169&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&dvp_exetime=7.90&callbackName=__verify_callback_6919818503
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal122.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 1c3a39de1dba045ffa693357f9ee5e7e9429a6d0dbad5de42ed3bb6c2767104c

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 10/04/2023 05:10:45

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4997 22 KB
8 KB 55ms
41ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 578657
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 12:26:28 GMT
expires: Fri, 27 Sep 2024 12:26:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 7CD4 1 KB
945 B 291ms
97ms Script
text/javascript 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_58131669771&jsTagObjCallback=__tagObject_callback_58131669771&num=6&ctx=1828362&cmp=115750&plc=4890742&sid=18330&advid=&adsrv=&unit=160x600&isdvvid=&uid=58131669771&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.40&dvpx_strhd=0.40&brid=3&brver=89&bridua=3&dup=null&turl=https://www.babup.com/&chro=1&hist=3&winh=0&winw=0&wouh=1200&wouw=1600&scah=1200&scaw=1600&srcurlD=0&ssl=1&refD=2&htmlmsging=1&tstype=128&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0gYrMu72EZvedGKrggi-_zQ&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396455419&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&DVP_PP_BUNDLE_ID=&prr=1&m1=13&noc=4&fcifrms=15&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=169&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&dvp_exetime=3.70&callbackName=__verify_callback_58131669771
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal122.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: c0919980d52084cb401d51949e6af762502718719349cf7db3c73e0ad3be872b

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 10/04/2023 05:10:45

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0E94 38 KB
13 KB 53ms
42ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 235318
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 02 Oct 2023 11:48:47 GMT
expires: Tue, 01 Oct 2024 11:48:47 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame 7303 37 KB
14 KB 37ms
37ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame 25F8 37 KB
14 KB 39ms
38ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1B0D 42 B
174 B 101ms
99ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstGmp6xllB2P637lTokNo7Ug4aLYHaemiK2MNJg_Btd1rnDYlFRRO5xnccUqPaG4l_7hNP49kI6y_Ist53aEvvmtSE6IOftQ4G6PGgqocS8u3Ulg2-E7WTMZKhv9qAHmoT9iVDogpqcg6uufGFPlzBqCubBSwqbKj4zMXw9VGXwLZbkovYG9KJjgHUmEY62NuWzvUmqOZjbrv3WQaX-fq2ssNZ2zMuF4IxLlACXtKfp7XmZg5t-AtPeEUvkUD5e9qncAel6IBIIpmeICKQV9upJdQGHtixIIc4MrCzfZKocA6M1Yyv_kL7SvCWxYAlCln01dIGcuIm3S8lWxfTL_OolvVe3gufkAxAdXWRtiPMolU047oCAmRp4EtzfZrr3Bi4ZtkRZJW4EnuUJYKkCgFkX6o_HXmlRW80Bp22QgbDEakMvvqp1gCY3kMSdBYHP6E6SKQ0kUY-CgxlLyCGWSyCbw22cDr9hEHviZIllRJ0VfrlPJQFd9tV-07OFXDxv6Kt_X5RL89d2toQPQC6Bfb5zZGEYP8Yox6nOHdIextadcMjixlr909weW9YSI7w5JAQMLXHElsGdUbc578Mm4BCRu5eLUc5vPljcoEOJuHlqrA8LsxxTNDgF2_MdXD-fytqRo89MQL3FNz_Hh3LQXq92ldaBBPPTZIOekRzSPPUftjUsb9NiUakoQI3q_2U7QD_rqu2pZ3gS6go-svkcRbl3S8ZTjeI8NMx66D6WHRH4HozkObkguEe5y9DzsrfNt-oL3i4wNTkapBmhsuoVFAZHchuyqWbOdHEYgpGS0FYFlUEPnascmdD2M3UFdjoGeLGSo9vc9uY7FT-ahNuCsXpE_5ivJsIEiGL4_hPjOjE4aGnUlBTfNihVLhbAJKvvj_QD31ZWuVsOSEeDHoCv_nE1YTFDYkZCfQFUTIJfSH-9JX2I-rswDp4uPQWFivjJnRV9pouRBqCKfDuYTqytkOO3B6tnIb3kgo4cakUYl6oExtYOnetwbaoyJJtQ_SELrl6EM5hugaQ1L2aLfwRr6uCFjz1qBefUuQ&sai=AMfl-YRVLUiCeHyQYlpUi6YYw07wGTuXbQMM1Fu7faC0nXxB_Da2jsA_qfJnfCPlBz90y-l3XSbz6GELuewRMIK8HRLnViLPrROO7eIf9mw3Q1LmQeveulLDjwrb_8m_ZkkacVupoKAwa8IrrCCLUxU9xJbLv42XweEYyg&sig=Cg0ArKJSzB9mGrmIKr1_EAE&cid=CAQSSwDICaaN8rciQHmJak4_Fc53VKjqS7poXY5_JKNtNRg7ztkQR-LhgXcDPgegcaBHBBwNYxvJQpAw73j2DjXenaiFjSb0vBfk_YKcHxgB&id=lidar2&mcvt=1053&p=0,0,280,1110&mtos=1053,1053,1053,1053,1053&tos=1053,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3654258318&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696482642885&rpt=1609&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6A31 42 B
108 B 97ms
96ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsutiBZmWihI5V-xl-Oil_ahR30Tv-iH16ckgiXFBghReTZXiPFB_HPKwh8Pc_b6_MADquRZ0VzfGufx2bvttF6ikRUh3iM7iZ2yhwKJyeRtXVBMmqOdbJJ5s8oxCxFUWweu1md736b0ReW1K62SSaS03oeirwEsirecl7l0A4A64oWzM5OtvtYQyt0-YZMQoKgWiCJwOWveg93DN5DbyxvGlyKJb8TAVPMdmHxtr8DCt8GMFd2pd-vnOgimWQQDbxKqXeRd3ZM49NKMofoRToIscZNSjc9GhX2BO-zlj5k1T_nwX91Tho0x7y_pqTAYzEDlAKnPeI8oClRRHjAh1WIi83msCO1JxAEIsRZTlT07semS5Zu9K8jciWn-_6FNogR1segaaOjGWD-jh_yjtgTLQVKWqCXZ34_NLAVJ_aS_psdJOznr0Sq9Fe2TZgJG_aKAbUy5uj6Kzkv1Rhtm1Ljume4ZoY8bv74czrnlmFD5yrnW4y5C-IDhRpV9pEk63zi6SrbMmzKXOYJBUadf-KJXtd_6FvmcbuC0MZvhuTJWoV0UFaa9v0gpz4VMJpzJx8TxeerJSl-AotR3Mf6IwLbNNUiNAeOQav1fKJ5UfAOTOXRKao6j8YTD7YRdmcwknZ8UQmLEd1apkmW5xcz2Ox7sy-kJEBb6_3AQdhBBhE7WF40DVhoKwqlOWyUBOeYqQz7_WYbU6lAdCrtfJfVOM0-DnTCac7l3LCYKi6IxTuaSOpeluD0aDcc9CJiiIHnVozPmDI1J6CJkXLDvy4RUkwcaHHIBjICNroBeZzqZUszbQUqBHgCF5ZMmqbnnGml0rZQ843ImOCfkTqWO_eDVTYLXMSoMj4pfroFZbBSFwPiDM1FS-ADkOLFL4f-mf9SOrST47ALAX6rHv5WD--KgPE_gzCVG6TrNZ1zije7nutPBGncJX2h2meKfNi4fvpavFTbR3zwDr721c7sFH81fETqbgUiErjqebtrIFu36SF3lgivIzaCEVDM5Z7wti9nntqLD2TabKIfgsOcaPLpTCtNFZjKaiaS5nUOUp5Q4srB0OKcmSmUcS7TFYIS6Mi3GV_RgZndk6Kgpy0joVwCHQHYvjKO6wsSYtDY_xqmrhH4BH5xS_7FtAOLGvtAJZQp9-0mtg1xbD1iJ3EZok_2eT0KKGvU6mUPn80cFxpUcljbcVcENTQYXy1ImXqUk5m8kxCGP29DooYkI&sai=AMfl-YRWN5CaX4z7fQSwQtS8rDX3hRMyF9EdAtZIYx3aHxsceH3_wF93cuu4DN4aRYwYUm4zZiARLtl0MzANKQUPg87dyZGQYPujbz184cxeM0XKL2mk-nPGw3dWpACRyFAMeMrHyVl8PIHBb_WMIgMrk6EMRaZQ-gHbNA&sig=Cg0ArKJSzPlcOoPtJpKOEAE&cid=CAQSSwDICaaNrqQf0UY_Cv2fB2SP1FvEJT4WXJcZuoQGVrHtbgmbTCGHah7ySARdYUzd0c_PZtAkzqx7Ns55AuNfLsx35xMnPV3b_lt_3RgB&id=lidar2&mcvt=1059&p=0,0,280,1110&mtos=0,0,0,1059,1059&tos=0,0,0,1059,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=0.42&if=1&vu=1&app=0&itpl=22&adk=2239653313&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696482642902&rpt=1627&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1A87 42 B
108 B 97ms
97ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstNFBOV0cY_aYlKSqtBvGUFNVikror5WF3AuNwUO2l1IP8JyNmFxtejsMBwvhBmGH7QuRr1gwEKhuPA-Phx8BMdm1yUxWwJB-g2Rw8ztZxjY2ACiHyFFyfGf0UmW7dot2afG2mzTFA4tSHk7qP-xVz4i1mxe3CVC8JRGECTv2RuomDpaYIozaOXLv811DfGwhIZEFc3uBur-OtADQNSbbxbehol6byhVbIn6OzdliKv59S4cmloRkVfmVipdZDqQhju7SsQ0gqlaSdFbKU1RABKoF8SG3HXvVBw5_yuHjwi_57jxFHmg445lARoMq2T5FTzh9vbgUZ3TU4dY0biHL9b_DPAqdITR54SwG4w6AHtXa9MdW_3ExPWQK6FPtpUepDe5fAX0Dy32QSv3K57oRj1f34dGu4wSJS3XML0dIDnLkU-P4B3EsGwa9QnTKL_RXsQgXDq-RiK9QbXVlrnmvKKavkvmUqEGTTH2BOMchYWLdfWh5szyqC0kf3qeKaUcAWpUgDWGUrTlqpA7M097Qu31VrKhrL0swoXaNEzwQz49GooQKh7g0cTs_s-zEQA9RwJRiEXt1T4WN2W-14NKdM5AdcZ5XATNAbS1_zY8KaILlNx4O60mRHl1j5LGav1SRipGvo_StiY3V2qFModdYN_PxMjiRlFm7kOsZgozbXmfjFnD_k_G33MwfLTfN0pi76RuOJs78bAAIscsj8s6tvcHfbcpC_oI4_B97R2g4zAYgc6Ok0u3Gvn5bF8e2W93SqlvoxBLbt0NejPC_hjEHxPq5VQ39VGWFQew9e8rcu4pSMwGMQ8U0V8yU7FpDgdtxHX6adoqsEuYuLmxkgclZa_LLF_ffTBd9sNsNttMMDET5gramMaAdz_YLGgozPsnt2ebGXHrULYQaoiU0dVGGWbSLdBlyJS4AjoIY0UTf7VZ1lyChqc42f57p8L2kU4BfymV22ChAI-MeBVP5-Y3qmREU8bve_YA4ovQRQNQNvS-XJHEoKw6jjwGbRZDQLFkXVKhe44ZCq6MDJH22MIBiQ2jM8rqwx8QpkX&sai=AMfl-YQCrnb0YQWBwJtqVALulRxAA_eDnUn2zZQXusx3xGDLybVHeTljeHJKqD0aoSlUq1zFgWAgdtpqMeLRRTMgiQKTohuk18Q0T1ETTA3XuhcHAw-J-2aNKNzFs-kj_QAC6fJmqmpjhY0esH3aAPp8SbQIGUuPh9-qXng&sig=Cg0ArKJSzEe9nQMBm3O8EAE&cid=CAQSTADICaaN2mQF1CgkkQ0PzhKqAAi4xmCvsvYacIOAsZREvpBuoEzJO3uq3lp1ISaZijSk_xg3tNfby0_vEQeosYecy2V7-wKv2JIU0_UYAQ&id=lidar2&mcvt=1064&p=0,0,280,1110&mtos=1064,1064,1064,1064,1064&tos=1064,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2300165494&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696482642860&rpt=1618&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame A046 24 KB
10 KB 39ms
38ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal122.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

c548a30c41171b00c7d332fc539aa7fa0dceb71fc7d91d4bc7b65ed3bfed8382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9959
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 13:24:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 05 Oct 2023 06:05:27 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 7CD4 24 KB
10 KB 55ms
53ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal122.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

c548a30c41171b00c7d332fc539aa7fa0dceb71fc7d91d4bc7b65ed3bfed8382

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:05:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9959
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 13:24:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 05 Oct 2023 06:05:27 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9AC9 0
0 254ms
135ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsseqEJCnlc8963QLWcmLLeVVI-E1qsM6qoKKcfRSZU0WHjB51mHzYiBPZRFj-ghywpsHu9b0GSObFxvsOoVeSzN7Mxrlf4rroCEti0DarBB6spwO4Wj7h3Y-REXaardz5CUYlRGyIVlxdWmWDHCDlMV1wPmnzKCPj7WuwusY6KaBoqL6cLWKisP8j0C6zX0iGh7tORaAt8envuYnBzlGmff5LrYstalLQTDpp0jTWr432YzFocrstnanjW0eYZZOOUKC6JmkVrAcQzoSPlVgxk7oo-a2cKEVufKuTcpuLtp25Q08S6oG58ZzSS7o-m1fYoIwwu58m_8vkf7_t7VPNMKUb7mLEbEh_qlTB-CBoI2XuLhJyW8iuVZUpbOcuDb0AH9mMxpHZqqSlt5S6iZrakteQry7eWl6UvTHZyYF9lbhJHRVeZy83mIN_TXdDt2l9N5QWdWJANTCVXVH_ykQ-1eHTOj2RdmrBi7ck_iK6GJnWB2gud4tSdAUssj4BWC4b37Uk1qcA_3qyrXH0rfqXVXjvW-ub6wofrD9tdRl90lhHfDtSRlj_DzOCv5AX-f7FWtlk90DYKPbBf-HL8dyr_uVEFsuG3G4C6Tizf_ROotXEBcRyG570rgDb0JMoBn5rBoZFS3a9bRfCK3YGCykQjjmKooY1y9XTlZzsK_ZN9LEMrtZvK30rgA7eG8shEVkWug8gvxmDxmWjJGr1MXQUKOtQsav_yfGescsKAL-OyVJQU0evgWLk0Cv-mL5fGzciXMi9neQA5SamtnAv-39744THYNmuFr2vg72fIpr-TxZRzYJp2wVBOu5JZlCGMEcN4FcuQSgH4M3Se3g7NhOJPkuVFZwxmztldQo0wDNqH55RVdzqsv20JaJ43iKkZCHGHWN9WdiJIhoPql4yNE1heOgzTWsYMQ-ixruVGwQZP5_XVyFfWYvIQ6aWRA1E31pVNRPI-91LCop7ci32F-uQtlbgEIKftzfwE2GrjL05nFZrNazUnywqnndqJWJIf8urMLQfcibROPzpxWU3g2qFW3IIP_AvfpKggMEl819LZn8rT0LbN4bPnc9xNT5jkhnpuR9GtgfMqV06Jt4cYQfxklR6ZNeiHyTA55m_YxbhxAjA9cHcoW16gHCrHoRxJ9WmKzK5cDHpuSr96X23zg_PwnWCzoBNprZ83M1aX13CNZERlBgjxwJAf7bLmS7sJYliK-Cu7-eg&sai=AMfl-YSP_RqxpkQ4ZhAuGh1o65-uFsT77p21Jx4OAVl4Q-oY-kzUQ_5-T_afS8B0BNihTiohHAxVMetDxR0mJGmm_8AnyG3i096JdBAV9hGUswiL5D2y0elsTeU4GRg1RuxMroJiaHT80wYea3rAJrNA2Kk3XJFSwysmsIQiy8Wj9qZ1OltVSXLu_J02huVdCWGFO4lzDFQ2roZAbpKZQUy5yMP_B8JQiKXbJhTVmjbKdsHcIbJjK5jYAw1Hbi9YdjEmEsJKvTjKH_8oRmpCqXhwtvGit2KU4hGrg8vR&sig=Cg0ArKJSzMuDM_7IzRkPEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=675&cbvp=1&cisv=r20231003.06647&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 05 Oct 2023 05:10:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 7042430768889035606
s0.2mdn.net/simgad/ Frame 9AC9 104 KB
105 KB 778ms
44ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7042430768889035606

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

2543b29c4ff2af5df567480754f62ec6e22c92272394131004671999ad5889ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 18:29:24 GMT
x-content-type-options: nosniff
age: 470482
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106623
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 28 Sep 2024 18:29:24 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame 4997 37 KB
14 KB 41ms
40ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame 0E94 37 KB
14 KB 60ms
59ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 impl_v97.js Show response
www.googletagservices.com/dcm/ Frame A046 57 KB
23 KB 38ms
38ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v97.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

6b23a2a55e15ddffdc187b1107030f6ed53d4abe5d4c0900022451d20c3dfb54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 18:19:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 557491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23166
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 13:28:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Sep 2024 18:19:14 GMT

GET
H2 200 impl_v97.js Show response
www.googletagservices.com/dcm/ Frame 7CD4 57 KB
23 KB 41ms
41ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v97.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

6b23a2a55e15ddffdc187b1107030f6ed53d4abe5d4c0900022451d20c3dfb54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 18:19:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 557491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23166
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 13:28:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Sep 2024 18:19:14 GMT

GET
H/1.1 200
OK dv-measurements4796.js Show response
cdn.doubleverify.com/ Frame EA1A 420 KB
99 KB 54ms
54ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements4796.js
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 949269f99574688c56e7d52b353df8263767b07928aa9db447db8cab8dbb0559

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Oct 2023 06:35:02 GMT
Server: UploadServer
ETag: "000fb4e96e798c5a1e77ce9a485dfa78"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101001
Expires: Fri, 04 Oct 2024 05:10:45 GMT

GET
DATA 200
OK truncated
/ Frame A046 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dac359cca526a175b42034b932fcc7d0bfe67229217b721e30348d6d597390cc

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dv-measurements4796.js Show response
cdn.doubleverify.com/ Frame 6D4E 420 KB
99 KB 44ms
43ms Script
application/javascript 2.16.238.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements4796.js
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.238.14 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-238-14.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: 949269f99574688c56e7d52b353df8263767b07928aa9db447db8cab8dbb0559

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 05:10:46 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Oct 2023 06:35:02 GMT
Server: UploadServer
ETag: "000fb4e96e798c5a1e77ce9a485dfa78"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101001
Expires: Fri, 04 Oct 2024 05:10:46 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
253 B 86ms
86ms Image
image/gif 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=5.368983565104115

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Tj9cW_D39G1yUkoJ_OJmcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:46 GMT
content-security-policy: script-src 'report-sample' 'nonce-Tj9cW_D39G1yUkoJ_OJmcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
518 B 85ms
85ms Image
image/gif 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=5.142066390904666

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-wnNw47j8-5vyORWDh2x1ZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:46 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-wnNw47j8-5vyORWDh2x1ZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame EA1A 694 B
729 B 597ms
464ms Script
text/javascript 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=307&ttfrms=23&brid=3&brver=89.0.4389.72&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&uid=1696482646128569&jsCallback=dvCallback_1696482646128912&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=1&hist=3&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=4796&tgjsver=4796&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231003%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&fcifrms=15&brh=3&dvp_epl=234&noc=4&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://www.babup.com/&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0jUTbiNFjtBQbHyS7_Vyfw5&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396440060&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=124221411765.39983&dvp_tukv=88529329.1444051&dvp_strhd=0.2999992370605469&dvpx_strhd=0.2999992370605469&dvp_tuid=442985530042&jurtd=1089579270
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements4796.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 1c4fcd649027e06ca4f1098bc06e260d68e149ab63b1ef2d48bdac57cadc0382

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Oct 2023 05:10:46 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 10/04/2023 05:10:46

GET
H3 200 B9689862.280626343;dc_ver=97.287;dc_eid=40004001;sz=160x600;u_sd=1;gdpr=0;dc_adk=4102376853;ord=x71hlt;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=2,https%3A%2F%2Fwww.babup.com%2F$... Show response
ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/ Frame AC76 63 KB
28 KB 89ms
88ms Document
text/html 172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=97.287;dc_eid=40004001;sz=160x600;u_sd=1;gdpr=0;dc_adk=4102376853;ord=x71hlt;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=2,https%3A%2F%2Fwww.babup.com%2F$0;xdt=1;crlt=R'W5YaF5dD;cmpl=8;gcsr=a;stc=1;chaa=1;sttr=386;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v97.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

e190295c81e3f3185741440267da9c25a36f29685f4b2456e4c1d3de64b5b08e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 29008
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 6D4E 694 B
732 B 182ms
97ms Script
text/javascript 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=399&ttfrms=17&brid=3&brver=89.0.4389.72&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D323FA%5D4%40%3ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&uid=1696482646403658&jsCallback=dvCallback_1696482646403943&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=1&hist=3&winh=0&winw=0&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=4796&tgjsver=4796&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231003%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&fcifrms=15&brh=3&dvp_epl=234&noc=4&nav_pltfrm=Win32&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://www.babup.com/&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0gYrMu72EZvedGKrggi-_zQ&DVP_DBM_1=3060631&DVP_DBM_2=24779278&DVP_DBM_3=15173373811&DVP_DBM_4=396455419&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=46784522437&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=501948579328.9784&dvp_tukv=483291648827.9396&dvp_strhd=0.20000076293945312&dvpx_strhd=0.20000076293945312&dvp_tuid=705951611284&jurtd=2564073656
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements4796.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 8733189c3d8ff86bfd54c162b73bea66a007e7c6f6f0579b8a25225c2aa46cdb

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Oct 2023 05:10:46 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 10/04/2023 05:10:46

GET
H2 200 2457098971912548461
s0.2mdn.net/simgad/ Frame AC76 173 KB
173 KB 44ms
43ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2457098971912548461

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B9689862.280626343;dc_ver=97.287;dc_eid=40004001;sz=160x600;u_sd=1;gdpr=0;dc_adk=4102376853;ord=x71hlt;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=2,https%3A%2F%2Fwww.babup.com%2F$0;xdt=1;crlt=R'W5YaF5dD;cmpl=8;gcsr=a;stc=1;chaa=1;sttr=386;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

4149f252125510e2732a827f921d6f6c01cc13c51f65b78fb37ced3fd205dcae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 21:20:40 GMT
x-content-type-options: nosniff
age: 373806
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 176805
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 16:06:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 29 Sep 2024 21:20:40 GMT

GET
H2 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/xfa/ Frame AC76 10 KB
4 KB 40ms
39ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

a1ff5e441184a332c1230e3082320d940687d1354e845be0ef0c079af4b32642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:41:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4269
x-xss-protection: 0
server: cafe
etag: 13754952903490634883
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 14:41:12 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/ Frame AC76 11 KB
4 KB 39ms
39ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:48:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55364
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 18 Oct 2023 13:48:02 GMT

POST
H2 204 AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ== Show response
fundingchoicesmessages.google.com/el/ 0
1 KB 828ms
101ms XHR
text/html 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1faU6HJmX78HP5HirW4d5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-1faU6HJmX78HP5HirW4d5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AC76 187 KB
59 KB 52ms
52ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:10:46 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AC76 0
0 84ms
83ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvwGwS081nEnLVJschf_tIJTnfqfAAdGkDdeLZUxqTVSMnWN-Yce-vKRH51H7cuUtwdE5QdPMhJWyLnnMVg8fOUg1tFj6nnyYm7sQ1XZ29LJWljGgyVFLRgORoG5suuSaxXJ8ULTb-svhY1uExCyHjK2I1vb1XSysFk&sai=AMfl-YQTmRDHcZA0-f9TjElhzJW7lCUkl4fXaEjD3LIGLFRIkEmEwQjb-x5i55IRh2M_FD5oKTKcka6BCFcfakl-zoIds8DRmH9xvYcXAQ&sig=Cg0ArKJSzCNwnk_wpjDdEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20231003.51781&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AC76 41 KB
13 KB 37ms
36ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 12:26:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 578658
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Sep 2024 12:26:28 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9AC9 0
0 100ms
99ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsseqEJCnlc8963QLWcmLLeVVI-E1qsM6qoKKcfRSZU0WHjB51mHzYiBPZRFj-ghywpsHu9b0GSObFxvsOoVeSzN7Mxrlf4rroCEti0DarBB6spwO4Wj7h3Y-REXaardz5CUYlRGyIVlxdWmWDHCDlMV1wPmnzKCPj7WuwusY6KaBoqL6cLWKisP8j0C6zX0iGh7tORaAt8envuYnBzlGmff5LrYstalLQTDpp0jTWr432YzFocrstnanjW0eYZZOOUKC6JmkVrAcQzoSPlVgxk7oo-a2cKEVufKuTcpuLtp25Q08S6oG58ZzSS7o-m1fYoIwwu58m_8vkf7_t7VPNMKUb7mLEbEh_qlTB-CBoI2XuLhJyW8iuVZUpbOcuDb0AH9mMxpHZqqSlt5S6iZrakteQry7eWl6UvTHZyYF9lbhJHRVeZy83mIN_TXdDt2l9N5QWdWJANTCVXVH_ykQ-1eHTOj2RdmrBi7ck_iK6GJnWB2gud4tSdAUssj4BWC4b37Uk1qcA_3qyrXH0rfqXVXjvW-ub6wofrD9tdRl90lhHfDtSRlj_DzOCv5AX-f7FWtlk90DYKPbBf-HL8dyr_uVEFsuG3G4C6Tizf_ROotXEBcRyG570rgDb0JMoBn5rBoZFS3a9bRfCK3YGCykQjjmKooY1y9XTlZzsK_ZN9LEMrtZvK30rgA7eG8shEVkWug8gvxmDxmWjJGr1MXQUKOtQsav_yfGescsKAL-OyVJQU0evgWLk0Cv-mL5fGzciXMi9neQA5SamtnAv-39744THYNmuFr2vg72fIpr-TxZRzYJp2wVBOu5JZlCGMEcN4FcuQSgH4M3Se3g7NhOJPkuVFZwxmztldQo0wDNqH55RVdzqsv20JaJ43iKkZCHGHWN9WdiJIhoPql4yNE1heOgzTWsYMQ-ixruVGwQZP5_XVyFfWYvIQ6aWRA1E31pVNRPI-91LCop7ci32F-uQtlbgEIKftzfwE2GrjL05nFZrNazUnywqnndqJWJIf8urMLQfcibROPzpxWU3g2qFW3IIP_AvfpKggMEl819LZn8rT0LbN4bPnc9xNT5jkhnpuR9GtgfMqV06Jt4cYQfxklR6ZNeiHyTA55m_YxbhxAjA9cHcoW16gHCrHoRxJ9WmKzK5cDHpuSr96X23zg_PwnWCzoBNprZ83M1aX13CNZERlBgjxwJAf7bLmS7sJYliK-Cu7-eg&sai=AMfl-YSP_RqxpkQ4ZhAuGh1o65-uFsT77p21Jx4OAVl4Q-oY-kzUQ_5-T_afS8B0BNihTiohHAxVMetDxR0mJGmm_8AnyG3i096JdBAV9hGUswiL5D2y0elsTeU4GRg1RuxMroJiaHT80wYea3rAJrNA2Kk3XJFSwysmsIQiy8Wj9qZ1OltVSXLu_J02huVdCWGFO4lzDFQ2roZAbpKZQUy5yMP_B8JQiKXbJhTVmjbKdsHcIbJjK5jYAw1Hbi9YdjEmEsJKvTjKH_8oRmpCqXhwtvGit2KU4hGrg8vR&sig=Cg0ArKJSzMuDM_7IzRkPEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1761&vt=11&dtpt=1086&dett=3&cstd=1754&cisv=r20231003.06647&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/3sne9qdhtxht

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 127 KB
22 KB 46ms
45ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

65df64ea8bba4e38bd5bd07077b811ab3a05825bfa62f691e84c497f3a7017f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 470481
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22686
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 18:29:25 GMT
expires: Sat, 28 Sep 2024 18:29:25 GMT
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame AC76 0
0 98ms
98ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvwGwS081nEnLVJschf_tIJTnfqfAAdGkDdeLZUxqTVSMnWN-Yce-vKRH51H7cuUtwdE5QdPMhJWyLnnMVg8fOUg1tFj6nnyYm7sQ1XZ29LJWljGgyVFLRgORoG5suuSaxXJ8ULTb-svhY1uExCyHjK2I1vb1XSysFk&sai=AMfl-YQTmRDHcZA0-f9TjElhzJW7lCUkl4fXaEjD3LIGLFRIkEmEwQjb-x5i55IRh2M_FD5oKTKcka6BCFcfakl-zoIds8DRmH9xvYcXAQ&sig=Cg0ArKJSzCNwnk_wpjDdEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=67&vt=11&dtpt=65&dett=2&cstd=0&cisv=r20231003.51781&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9AC9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f78528639866dd9cef671ad7333d80c6032430c7572f1e7006c61b399278cf60

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7303 0
56 B 78ms
78ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BgOhPVEUeZdaVMfiH1PIPn62_yAUAAAAAOAHgBAI&bg=!zc6lzoHNAAYMG8UMLBs7ADQBe5WfOHorbbRvOhKOTxzYaXNCku9fMWru4j6nb2Iq0CDVu9f_SzpVpI6r1PMEPr0DNFXEAgAABMFSAAAACmgBBwoAWUr-4PDaIFgZj4bILPg5dN9CCaud2vJJV8MhG5DApUbSf_lZMhsi2FqaOteI428Z2kHXMft_srxIt7EmNOT-n2rjHFSV0EfU4k3z7ciYi9nQS-CZywV5wOevmQMHKs-FO2ECiEeRwI05ndEteFRmxSZgEqRHYPspMQpLBz7GIyiynFyjhXUAampMpG6WOYcbKScdIORF3uKajWYnk7KwbjFQ9oD45LWJRABFuG81oRrlpDg6iSeAq0Vn_FpjAnCoVXEtwtJt6n5BRCdin8XuEzNmScV9nmxEiCvSePBiR2rVrKRFEBZGdb9FgE75yisqRPUSQvlN6av_uR1oYwGh1JQykSjIQBrdlFc9K7OmmiJEcSyYJu8ddqoGk5rBia_SOqe64Udt6dxnLYaPu-wWc2yQ7gdx1HcTneI56vACpQkBXg0cTkCYylADomguF0RcOFM_qduO7tqi0ombw_fBRp6AARBE1BwGENUEsjy6hiJXiuLAPGSuP0Vz266d4tTnMgZRPmvoSN9gTGx118jl5sCkhm76iSmKtpPIp6f2xnJQtLbfwoHXZkqL5PuOSHZM96mMdRr4vNtYdgAt6agXhV4du01Mi4Hei1EDkIJ8NdYo-mxDrhU1bX2t3LzBOUWPAwWCr6Bj6gOqn8-l0q12lQh3H2ZOonJHj71NfQZYdV9NnglWPddKzW-nS5LA5n39kqi_hnT-X4jxSKJbyWtDIIfKbqk89hpuKqdMqEEiEb8-NfuwPJzoCjrEc7cGX-lHMu_AsgKX5ZjvDzaM-fQ6N-xtYJlmzaKUwDyjsS2m9m79ja9SwSUtO5b8cBk-Pcli4jnoTCSEhQFOSTLCP27uvfkWrEmoji2bu3JI9SdNhSpCaRCMpe9L22qg04yy-q1pKre9TvTs9vcGrAUydKZZoKnb8wF81l3ePfXDiIxxIjFLPCdhQSl6zn6vh5LIVZAFfpC0PE5lTe0FTRbBb2nsHeXLlKx9jl6r2DFV39rhhEpSH3qr-wjp3J-M6Rbk6R_-GCfgAuMf4cnKty5eZtDrf1gZx4sytdqPzqjVKv6CfDAnLUzpWln4Of0vWMo5oZ1-e1g-1bNYHLJ2HCQQhESXYDL8ZQSTR_-DA20NMuLd_uEG_ojM_FWeIsGggRij7Xp3e7--EQ

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25F8 0
56 B 90ms
90ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFh2LVEUeZb6gMKSUjuwP1LG98A8AAAAAOAHgBAI&bg=!FRalFlnNAAYMG8UMLBs7ADQBe5WfOACkfL_jg8TMNl4x80nrOF2bue7MyJB1oTdQGR6iLHrK5TF_Xe-AfvPa_MVAgam4AgAABDtSAAAACGgBB5kDCKd5DPqHse_Mr6-iHcUScQc7x0tJW6oUyk5YxuMwIj4T5K17qOibwuUlfh0So172heb-nue8Pc4iNVCYNQdbuG4Gc-NxNpZHJO5vTuTUPibeqnvVj4JOnXL-OEgHhDD0yfcGseuQ7ekwZoZ2LFMsaqKP1m8s2sW8HOca-zDhdeV27DRdP4QgtYDwJl3wZjZf4eQBES-iSnwlJcgaUM2ThZxnI-SU2jg45jJ79hu8bTZeONSUNZp5r4qgIIHQ4atMM594eWdX7zP1df9UH_hSJYPaVJUALPmmuWup9fITG4ctTczD5C28Eh7zBkrfYQN2A6UWgvwi7ibYFEoLyAVuQIMwX6RJ-H0R97GbDfI8jHPQZSyG4dWIsT5YoaOW4ub2ca8BOsyRPzy0iOh3P1CbV_bA2EDz0zat4E1cDrPthPpJbSuZTXiVeIvGsoFq44VO5tAmp_uPmSTW5iln0bnw4oJ80Awn3DB-szXRLnd9rxOr2wOFsGSiyFhygUsDkpdjuuq22lE-ZEURVO0V5DalRaZD0x5FEMmBTpiHNCi2TjnW4X2ECwwIUPA_fpfvexHydvYyw-JbxcJPYzjzuMGqvQPkdXEz07NsJzmsPwZGFdn3rbAvjbuviHq52qnr44TVKJ42i5UFBfw31cYY5IRGxB45L2WmFF8KZH-zbh7X_0MXzr45XJWC2TR7_K8Z7Fnv0jl4MTe-_B8-tRIXYo7pOCzAN4ElDBYXzuIMA3Xw-wawOvkgf7vEchmVuVv0Oh8_194a94k0UDqmD8UvLdkgH77j6nGUb6ddhc16IlldRVEPMz8BsXB_cHUgI4An0ux1T8qdA-jB4OY6PTTJDzkbm0gdY44qRM5J8eBdDz6YI2d8v99nt_7LNKpeWPQuF342mmvNmQNKRgf_mzr177HA3Gp8sUKa-59YR_aJKCKj5vIidhkloIXHwFDoYQwrG30rfGczLqLB3iZEzwcOejGW2sIKDNNCgYeD2DSvH1YvLTA1HZVhAJZdCuanxRCNFIBEO2UZaMIuyWky

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AC76 7 KB
6 KB 106ms
106ms XHR
application/json 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/xfa/sodar_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

6f4330cdf3335943f62d4250da86d2f930922fef1034acb1143511cc51b6bce3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5718
x-xss-protection: 0

GET
H2 200 DcmEnabler_01_250.js Show response
s0.2mdn.net/879366/ Frame E48A 32 KB
11 KB 42ms
42ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 17:05:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11558
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 05 Oct 2023 17:05:58 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A046 42 B
108 B 117ms
116ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvQZ6TTpk5GEttEEJ6xPnk2A8uP3ML0YG28dwBxzMO_O4pw4JQBEuFul2vrNFSag2-_DjSE1ok_nq4NZp--oyTfQllM6b5L2NTQk6RGb6C9nAojWcyViBCe1ZFlkjpIrojc7rEG7Lir9Q&sai=AMfl-YSSItly3Ls4ekJPll3MU-5GlW9rKP2HoR5R4t1QQuyyQs0hSC7xXVclRsWfVpe3PqsTRP7hIosOr-WMtkJwDaa78kpnwzBxq-So7ADy1oLyP2PtRYCqiDuJwl35IrKrHhGQK8EWGDEiU8ICIQ&sig=Cg0ArKJSzIy7Ue2ASndLEAE&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&id=lidar2&mcvt=1034&p=0,0,94,728&mtos=0,1034,1034,1034,1034&tos=0,1034,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696482644577&rpt=1281&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 04F4 22 KB
8 KB 40ms
39ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 578659
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 12:26:28 GMT
expires: Fri, 27 Sep 2024 12:26:28 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4997 0
56 B 82ms
82ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZQwYVUUeZa1qwrzeA_2arYgGAAAAADgB4AQC&bg=!mJulm9TNAAYMG8UMLBs7ADQBe5WfODzsVPu3SOUbU9arblHA3cdcpMsYeFNSG04papFJqtCpCcLcvEs1JPo_Qsv0eQkxAgAABHZSAAAACGgBBwoAKviqa289jkRVmQFcd4D6RMs1SiRSCm5jT0ABppQ1j0geZmUF89YVIT1StpkDC8SdQodxKuh_Tqvofp4PPclQVaXyJ_AplDKYqUBF9qbdYlWsDw4ApPZQ5EOELq1gsKT3YDn2RBH6Kplkpqmg8wi6QK4d3oum6gCwc_TVy5O2-0oCFw-H04mdRVIsBDe7r7TPdcvbPXMNa5xo9_9iNqLJ94TIA5c4vmaUUkUtb4sxOmhBn7Dn5y2r97OhVCV7LFdJBx5w0LjGvGHOGTukUzcKBUd-IQhuhTb9bUmKUPj9hk8jNjCrqJxy0A7EYmUpjflBI_rpLvuY78TSciwvIFrPwaSEzWAEShUgBD9EcWriJhtxoegTfIt9jtxz9e5QZewfGaEc-lcWndIiT2x5NMBlMWmG35tJJxRfJe87pq1PzXnspMRcPBxTdSZRUf1ez-0Dx_8CYWdwg8SSoUWbSF4LcurLHqQqEvMLt3IhwcWHxOVHaLc3s3sxOleLQfgNdcDOT6iKPRBy3qXUFrcm7LulyrsZjRXPEOtV9i9c7CVWkf4WgPd1yefjmjefP_rnXy9SCPjrsIsZzELycRzWwSb-H-VyUr5BWtF23FfCqtSGPnVtBDRGt9AR6AWN188w5-StOadJ5hoPl34h-6C3UWxDhgIPFHtdXLzxdbDU8lnVZZqtwZgaCunuXxlGUbD-TH_5hDWazcV44n7dkxio-Ski3kQYbRNcdtZrKUFHanJc2VTa-lDOACoLzsWM2upfg6np_peqrWdaWywJo6rEs-awy4ZxP-K7Uhcxs4lmJKj9VcdMcLbW50pDTADkt-uQcdr4RUo3BAxssXS9q1kJzqaJof6TYVcAE1pNk2i9q46wl3JHIHpVbwburfYmq_AOIB03m0eA_xHTXKY_JWKp3vCQhGnLuwEOAMopIHWk4mG72nswPq3EGjLqhTt9nGJZjFNPfD5fDP3G639RLHeSrXcCRP0abc5ELgtRC-vegMGY2kfrJJAAiEc6gFu7dxHJavTIx0w7GHecRr1GSQpMUHU9e0Y9PHbdeSdAB0BOfwR3t2noCtJTUZjutT1f3GbvVXCteRIvMPbWBqgu

Requested by

Host: www.babup.com
URL: https://www.babup.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AC76 17 KB
6 KB 61ms
61ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20231003/r20110914/xfa/sodar_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 05:10:47 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 94ms
94ms XHR
application/json 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231003&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

b00aa17b066dc18fff34000287cc97f9c46b55e27cb1fa5f4828d8ccf4c99fae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12210
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7CD4 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eeb5ee8a474885e6bc5c4a3d3f357efc4795743b8b46880e80e511306a62123f

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0E94 0
56 B 88ms
88ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B-ptUVUUeZaqcA9yQjuwPqIihgAIAAAAAOAHgBAI&bg=!_f6l_rHNAAYMG8UMLBs7ADQBe5WfOIl6y22-c_vJ4R83CY13IG7XxS4THnU-z8cFKV28H5hOewmWzMPhOnuP5lpEN-5pAgAAA_VSAAAACWgBB5kDCY4fAYG6wJgYX-Dv22vxBqmZKMvW_N9tb4xQsVOUVuu1PVP46Nu6okpwRCR_9auUnKZpNkaobhg5iBoulJGsuIm3ePD6x0AOiIGMaXlWYnJHi7ALW3RcaVRzKasx58uYck2Bw4p8uOdF2ZEg6kw-8sxf7jSevbySDClGSDeNBSRDHbj45NgYZk0FhnfCtK3oJGCgu_NcaIZexXDhngXdNDJnNKYBeb4MaJOHjrTB_l18Ex7sIu-6PJunRhdemA4BmF41_-EFmsCB7fJt-2b8mKBWe7Rh4gDtjUGagJrU9tIBkiLFWTnwLfii8A2GmdeDvA2H_6gtDXxu_-RTWzB0rcGfFEOcH1nrIBSWkF3VXnMsrRVtBRXM1XVbqzehfwsTxBRktEhMUyDnlZWsMjpvTWO7hlHTWQdqxLGC6aV4l4XLiitf82HoNMYGX47vpgkywfqRFrth76uFOhomWeB1lkzs-GaitIO342p7zjYNjQKx8ZaxdQeQLDD79OrdT33-bkPsW2K1Qpzn6nUiYw3g3q2XNsYXkj6Q_PxuFKco-F8tTqSUgrWsNkttwLIGm_opqWthCOxzh-hvzf6y_8LymJBmCzdc8eDF1ZnHXuakjuMHbxtqdwEiJotITjkYZoAAdiO5gwrnMU1GYVEv3Xd60jafM2guMO65KfY3rozBC5850iih3abgKlbvOzXp0bafgyC1j63Ecg-aWYLwcle7QG-O5d6TinDq3781-MRXXJgBHNUkJdzDrmQx5gmyng68oDMyy0bZg_cJvp8AUp0qQL2HHuWcexf4emQGRWt1x8w0xEbMGhArcHxvkSqjRee3Y0IWRToLTtIyciNDG_yu62HIxmoALmqGVvoJ-2z6T7AKSfC7sxG9nvhM7FZc_skNW0SSbcdXFnNG4jvmE5ddpT-a6kJdEoe0Dugl1VIk5uO-4NjYxcYsSh4pQxQVT1X471dYjIJYoqY4jaB4SmDxbDcJupMOzgeUKFW_OOcyqxvcVd3_pJJo9R0RazacD8M1lWhbbfxKP-muYw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js Show response
pagead2.googlesyndication.com/bg/ Frame 04F4 37 KB
14 KB 56ms
56ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/21mMSjfcZkP8uSd7DAhQtto60Pqa34G2w50Go1Kr9uE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14668
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:21:07 GMT

GET
H2 200 Mandatory.png
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 1 KB
1 KB 57ms
56ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Mandatory.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

9a141dcb908283174d96e81594208a298ecd14cbec8c04bd35d12f49dc079cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1397
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 Txt-5.png
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 1 KB
1 KB 63ms
59ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Txt-5.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

5d8a2ff02c5abb01ad495fe32bef1ee5975a073ba45e6342ef680b5f2f2fb2c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1037
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 F5.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 25 KB
25 KB 60ms
55ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/F5.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

d83973a899b781795375d0d7b370a4acfe4477fc1bf453a10c0f0219e24b16c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25982
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 SS1.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 4 KB
4 KB 74ms
69ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/SS1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

4a164502bf06104de111208833f740f881d4c3fcfd8d269154979157bbf019bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 12:49:00 GMT
x-content-type-options: nosniff
age: 58907
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3654
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 12:49:00 GMT

GET
H2 200 Txt-4.png
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 1 KB
1 KB 73ms
69ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Txt-4.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

d4ece3adfa6dca8b643e43ad2190f037a906ee62d0a192e908c40e01690bab94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 06:33:55 GMT
x-content-type-options: nosniff
age: 167812
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1371
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 02 Oct 2024 06:33:55 GMT

GET
H2 200 F4.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 20 KB
20 KB 58ms
54ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/F4.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

9c27de5a9c3688118fe663449b3c41ab4fb61aa010fa8eb69e20e15bad26ab49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20753
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 Txt-3.png
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 1 KB
1 KB 63ms
59ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Txt-3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

67c281b54092d49fa7e8ef1a92ff01fc85285dc4c7a116c7250010f00a1095c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1138
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 F3.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 14 KB
14 KB 57ms
53ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/F3.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

0ee71d6e7aa9c6db0846e030d36cc18892576f30b829bbbecd5289b9245a40e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14468
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 Txt-2.png
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 1 KB
1 KB 71ms
67ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Txt-2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

8a3042610693bfe109f6ff939b2e8bba417bfa8d7fe0b5e05d08316eabb7d55b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 04:25:46 GMT
x-content-type-options: nosniff
age: 2701
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1264
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 04:25:46 GMT

GET
H2 200 F2.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 23 KB
23 KB 63ms
60ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/F2.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

18cef7895d77d8dc5fa03d09537ae28c70139a0b184c2c3cf9966d0ecb9b84f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23400
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 Firework-3_1.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 2 KB
2 KB 55ms
52ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Firework-3_1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

69c9180a5d71f3bfcc37de7dede698b33999328c5889503aefa1d52a23a8c53f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2333
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 Firework-2_1.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 4 KB
4 KB 74ms
70ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Firework-2_1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

1297bbc4543d8f62d2ad3f0aee7f7900286ea32407330bc164b8541483cc5f85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3866
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Oct 2024 05:10:47 GMT

GET
H2 200 Firework-1_1.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 4 KB
4 KB 71ms
68ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Firework-1_1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

6bc53d810c7057eddfb8f24698bcb90d0b9a46c368d8d2449b3d6ef13fbb6061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4140
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 Txt-1.png
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 800 B
864 B 71ms
67ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/Txt-1.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

74a9e67d871046e74f4a6ea816fa61aa38f56f1eeba64c2247157fd19cee9bff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 800
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 F1.jpg
s0.2mdn.net/sadbundle/5837969635088965825/ Frame E48A 9 KB
9 KB 69ms
66ms Image
image/jpeg 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5837969635088965825/F1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

6a499e89193031106ea78452d1697913e3295aa84e0fe3aca39138cde54600e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5837969635088965825/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:53:08 GMT
x-content-type-options: nosniff
age: 55059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8804
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 10:32:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Oct 2024 13:53:08 GMT

GET
H2 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame 0DDD 37 KB
14 KB 51ms
50ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:26:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:26:54 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 75ms
75ms Script
text/javascript 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309291101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 05:10:47 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 281A 13 KB
5 KB 60ms
43ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 45937
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 04 Oct 2023 16:25:10 GMT
expires: Thu, 03 Oct 2024 16:25:10 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 49A9 829 B
1 KB 578ms
54ms Document
text/html 142.250.185.164

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.164 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

b6bdeb9c8bbaba25e2212ad0afa0f661c13b767a7064ce187f74947869e4994d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HQRK2Ld6X8wrCSz2FUJmkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-HQRK2Ld6X8wrCSz2FUJmkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 05:10:47 GMT
expires: Thu, 05 Oct 2023 05:10:47 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 video-ad. Show response
fundingchoicesmessages.google.com/f/AGSKWxWRCqe4jh3oriWNWIhXHV6oEqm6szUPRHvwGCKYkVhvIDwUsiqkkKHlT4oDUJ0_uigvYJu1vlXa-WCewNuNfEJUM6JL14DtErAKVqpBjhtNfrNcDuARyitIULBhBbs2lPbplQv3LNE4rxLoE7vpbV0onagi_... 54 B
298 B 77ms
76ms Script
application/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWRCqe4jh3oriWNWIhXHV6oEqm6szUPRHvwGCKYkVhvIDwUsiqkkKHlT4oDUJ0_uigvYJu1vlXa-WCewNuNfEJUM6JL14DtErAKVqpBjhtNfrNcDuARyitIULBhBbs2lPbplQv3LNE4rxLoE7vpbV0onagi_2I9KKplAsa0H892Zb-e1keedFmMcPe-/_/480x030./ad_paper_/ad-blacklist./scripts/zanox-/video-ad.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.tqxKECSFqIY.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwtxTeK0vqgAiplSslOPe38G9kokw/m=ad_blocking_detection_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

b89748b1c1cc74b2aeb8aa03db7975dbb704dccfcd802be96ae53e7ebd79a019

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8t7ZuVtMbFkSobk6TlpF6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-8t7ZuVtMbFkSobk6TlpF6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 61 KB
23 KB 66ms
65ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

2c0a8f02e8ef795aecc87e8e323c15fdf29287d20501d6ea0cf1dc53e2d2ea9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 04:47:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1388
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23347
x-xss-protection: 0
server: cafe
etag: 5707400221330747696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 05:47:39 GMT

POST
H2 204 AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ== Show response
fundingchoicesmessages.google.com/el/ 0
201 B 70ms
70ms XHR
text/html 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ylQ9USje_NDyBwyhd7f26Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-ylQ9USje_NDyBwyhd7f26Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 9AC9 6 KB
3 KB 527ms
151ms Script
text/javascript 52.222.214.123

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=_LBcidLB_&w=160&h=600&c=1696482642889529&js=pmw1&base=te-clr1-0bd500cc-67a6-44e5-bbb3-aa427b928971&admarker=dynamic

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&cid=&c=1696482642889529&js=pmw0&w=160&h=600&admarker=dynamic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.123 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

121b8349c3f3c6e88d860c9622e94908930aa64d56a95419a7e9f9ef26a8cc63

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA56-P3
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2353
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: jtw74CHrvxJTplVIeRSCdrTE-N0lBE5To1LTGhQnCUGssc9B74fPlA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 9AC9 38 KB
12 KB 541ms
166ms Script
text/javascript 52.222.214.123

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=_LBcidLB_&w=160&h=600&c=1696482642889529&js=pmw2

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&cid=&c=1696482642889529&js=pmw0&w=160&h=600&admarker=dynamic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.123 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
x-amz-cf-pop: FRA56-P3
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: EhAv9kAUV2vQ2Yy3YqIAEqoacRw4pB6VGBILZURs-d30nL2NhIbUuQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 9AC9 43 B
1020 B 528ms
152ms Image
image/gif 52.222.214.123

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=sojern02_d&pid=sojern01&cid=_LBcidLB_&w=160&h=600&c=a357

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.123 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' *;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: qRWMAMxd72ZqUbCQ75_4YqAhN2aD19Tun84xevxxPzbw4nevbcOYtw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame 281A 37 KB
14 KB 61ms
61ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 04:26:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 175433
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 02 Oct 2024 04:26:54 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 04F4 0
56 B 104ms
104ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bga-iVkUeZcTkCrGVjuwP7KG7qAIAAAAAOAHgBAI&bg=!4OOl46zNAAYMG8UMLBs7ADQBe5WfOAuAlp8CvxFB2Ldpj7WHxIvMjleqXYQjtFQp_cieqp9EChr8eGJVph-8-DYorWCgAgAAATlSAAAAC2gBB5kDKe-akJhx6GkDEX7FddeMRxXdqYCE26fxEx3_7zo_mrFHiiI1YnX-5nyJyr04PQF3DFxInJYL6hNvalaHlQpG52p1fMB6IaUch32-NLWDvATO5XIqZBwrHEZaV4NIoRm-WQKRsOK5hZToYui-eYK2yu5X-npvYq2Pl37wQY_yGG01v8pu4lCnIVwqrNeUG_rnD9MsilFgX4nIUSzHzuiy3HoyUWqDT6FT2MqoseKV5i6mMCziZD5I_zrKbR7cJtx-zoQf7I9QkGE0NK_hNehBEgeqP3gRt1EBzJtZrr6rjgQyLP8OSBJEcuwIf-NUptqQXy3JgNtEYWYf6lJja9vpSoJBXwn2uYDfln0seSkSiMRdTDMFUb0RXn9g8PAqKqhorj0RJJE_AV2L3Tt408we56nLXY9xbJwfhRNxp47R5xki_yWua9ZrbZd8tZofG4W0HKk6sxeHpdgOSMZns14hqhVjis8Asn7C7PXQNW8vY_HV2QKMgoMIHW9WJD0jZbIaugWYH3rWm1jzWZoehyZgnb_3ZYIdtygNsPV1RGXaeworEwmQQH-uzpNvrOfdrg1xlKweXQNe5Ig20l_Fs7yyaKYRBLMztD_dPv_eGmdCwJx5FydmUpoh6O3iUWIhYgvrhSDF2i0rdRvr_BzvxSL71xxKVR2YWWDrVZdN0tPCDQNmaiuPkeWPcEgudzd4M4PgqKy9N9OStdAtMmP4J8GUj1VEE5hxASz0wtsYbqnSoVjeHy4-0-XPfTIWPwY5jPIYKAB0C5h8YuahtCt63dN1Q4F4CkNZJ1bEzeNUArpTTPliFnjflqVg8n1MsiltrBJLUTFCPVx-6E1kgx58X4UspfEG8khqhNuXNy830VUkCEN0kGphPXKH5bBb09Wm6xaGxxGK079-nEtv_l1LAA1ieAkT_bI1ZXC9qyPgofFXLRVu7oXPwWiAoYwfpTf9v_Ayu0uov4DOZvsmCWSw1nlz4u-Aqp-UM0X3yAwO-c6SgIovxqlrqoQUw5lDnIiheG7msTwNsbbcdjpp4dClK0b1-wLv0NFIVkMA9OYBaSNcet1yK7p6bzuGMunI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-aOzr2AaMBuX_GqdM5VCftw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-aOzr2AaMBuX_GqdM5VCftw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-WIwJ1A_NsAgUolB9zC9Xeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-WIwJ1A_NsAgUolB9zC9Xeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.babup.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ== Show response
fundingchoicesmessages.google.com/el/ 0
200 B 105ms
105ms XHR
text/html 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UAaRAH3V5FiQjbSDEhnWHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-UAaRAH3V5FiQjbSDEhnWHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxVgXLVkCQfvMzw3E3bDhHD0VedmK8fReUmJ1p36W8Q_NcjOELZsF3-UA9rQyaXbS3sLHHKNvzi2aKk8nGrd5Fk_lypPnn_3fB3hvUSz1OlAjtBVrO9XwzHwAuXny0r1Y3D5Gcxuuw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 72ms
71ms Script
application/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVgXLVkCQfvMzw3E3bDhHD0VedmK8fReUmJ1p36W8Q_NcjOELZsF3-UA9rQyaXbS3sLHHKNvzi2aKk8nGrd5Fk_lypPnn_3fB3hvUSz1OlAjtBVrO9XwzHwAuXny0r1Y3D5Gcxuuw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjk2NDgyNjQ3LDY3NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsInRxeEtFQ1NGcUlZIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

75abfca5c27a5a249f3ba68ebf4abef823cc9dc339b5b408e709e3f2077331aa

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-c-L8SPQki7AH2H4oeIP2Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-c-L8SPQki7AH2H4oeIP2Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9AC9 0
56 B 74ms
73ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2351733508595&version=m202309260101&ct=119&x=1&cor=11602339623542004000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9AC9 42 B
108 B 85ms
85ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuCbcPTVxM1AieccKUsrtmEdpCQa367N9pbOyRl1V5rHbNm5spvHYSwV068E1OgaGwa5LyrPDU5yMC6fOp7QtIrSVFj-SJPvPZHVmiHFU-tBu8pFr1qAKHchAwAYbwR5jobi7fwCMq1lg&sai=AMfl-YRM_KRSpH31Okozh7MPY488_Z1sD2sFG4Be5DCtxf9GJ63a0Q3Cimd3WUH32YDyutfusPjU04YbNt599i674_HZzMVwhlN4nCgHFgJ481YXAvHOM1LCcy2CmU_0yrJefdfZVgqv1CDReDKQsQ&sig=Cg0ArKJSzFzPP-yUW7pkEAE&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&id=lidar2&mcvt=1004&p=0,0,600,160&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696482644502&rpt=823&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A046 0
56 B 111ms
111ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9815452643603&version=m202309260101&ct=77&x=1&cor=3767901123274362000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 AGSKWxWOFAerNDaebaG1vMQiifMU14EyUtUy1RJBX418mu2rvAuGo1yrpk52R2M2u3MSI2f7aSTQDxQbdxVZIdJ-hCjfTQWo7HtcI3nFKa0Ctd5FZdSPoAuL40lr0efokSlXEe9UoEYj9w== Show response
fundingchoicesmessages.google.com/el/ 0
199 B 68ms
67ms XHR
text/html 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWOFAerNDaebaG1vMQiifMU14EyUtUy1RJBX418mu2rvAuGo1yrpk52R2M2u3MSI2f7aSTQDxQbdxVZIdJ-hCjfTQWo7HtcI3nFKa0Ctd5FZdSPoAuL40lr0efokSlXEe9UoEYj9w==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IdJiEc-4sMonNPFVBG9Yfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Oct 2023 05:10:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-IdJiEc-4sMonNPFVBG9Yfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxV14W96jMRzmVOpUWLGhN9AwhsOYc2YLcHYhyci7miuO9URutew-gn_iclR1YXsruoIGpaxm_5MKR8OoqNQwkdwcJ6xs0HEg-zwXmgVQ4PxcfjxfbHKS3CvXzz0GuLX8w9BjQYnIQ==

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dKMfY1jSFdAgw2s9Yz66iA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Oct 2023 05:10:48 GMT
content-security-policy: script-src 'report-sample' 'nonce-dKMfY1jSFdAgw2s9Yz66iA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.babup.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 49A9 0
0 80ms
80ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231003&jk=3587502899473620&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 204 generate_204
tpc.googlesyndication.com/ Frame 281A 0
41 B 35ms
34ms Image
text/plain 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?U-UWrw
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.193 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 05:10:48 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 get
choices.trustarc.com/ Frame 9AC9 287 B
638 B 52ms
52ms Image
image/png 52.222.214.123

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 09 Sep 2023 02:14:11 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P3
age: 2256997
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 287
x-amz-cf-id: LBtCIZOTfW-vFqLy9rwZ--VE2Ukwia-NzBqCJnY8QAi6ezmi0NZNBg==
expires: Mon, 09 Oct 2023 02:14:11 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7CD4 0
56 B 107ms
106ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9500227918913&version=m202309260101&ct=77&x=1&cor=7573929915651489000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AC76 42 B
108 B 100ms
99ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstph5hYPkZ2TZYLy1YVXmEl1BTP591h3RWLoDnthk8bCOHKkTnEXQ2w2nfPis55M_og9a2XDEyfVFWEViumGEsAQOkiqhNKpzlxsQDUTtMa&sig=Cg0ArKJSzPAxVaIDkDsfEAE&id=lidar2&mcvt=1039&p=0,0,600,160&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=33&adk=4102376853&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696482646146&rpt=800&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7CD4 42 B
108 B 115ms
114ms Fetch
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssDoF8Di4WFjM6Sq1rDIEjlXHbOFzSkPFE83vh-0WsjpjiWeSfedvpLtzuIrGh9ni3O26rosBTgdxvmXO2m4WJSgzvqMYw4JjTgYgvuYEGTQIuE7-0CAAjSovecbmgY42YIjuD2KyzTmA&sai=AMfl-YTnE8ur5UhhPBXrJCdo2FPcUuYLCCo80gtzWSWtKIqu_Bm5K1D9AHiCfxalGPDGfXNjS8x--cEIWmrKTQ8yj0dl1oyxTFl7iIdD6QAOYwYUSzE-VpZHW5CvKqoOD0_ESSL_oMgghL0KZu1xww&sig=Cg0ArKJSzBd6LYSWoeZeEAE&cid=CAQSTADICaaNVMxEfmH3xEMGPsA27r1jqzpyzYjUH_lqtlbJzqAMCrjn7D72gZQjO8ZhVkTwP4u3o5FneNau4aqh_XYQEzLf3eETniRhgi8YAQ&id=lidar2&mcvt=1025&p=0,0,604,160&mtos=0,1025,1025,1025,1025&tos=0,1025,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696482644549&rpt=1488&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Oct 2023 05:10:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame A175 287 B
636 B 44ms
44ms Image
image/png 52.222.214.123

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=_LBcidLB_&w=160&h=600&c=1696482642889529&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 09 Sep 2023 02:14:11 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P3
age: 2256997
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 287
x-amz-cf-id: ZLC-o6cwi-9TeWz951Etki3ca90h--7g4Ei-mPqHFDkq7XKF6ovjsQ==
expires: Mon, 09 Oct 2023 02:14:11 GMT

GET
H2 200 get
choices.trustarc.com/ Frame A175 668 B
1020 B 45ms
45ms Image
image/png 52.222.214.123

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=de_CH-admarker-full-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: f75784fbe15ac27a29c2e95ecbf0521261eb74ebfd448ef1e4d72670dae05e0b

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Mon, 25 Sep 2023 06:26:29 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P3
age: 859459
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 668
x-amz-cf-id: s8_wv7mkrZhvwtESwZTGizHH5rbBvbgPwLYZLFjQZB4dzbpVBtjwgg==
expires: Wed, 25 Oct 2023 06:26:29 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 97ms
97ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231003&jk=3587502899473620&bg=!ZGelZyjNAAbjlzx0w5c7ADQBe5WfONUrqzGZTXNkuSHGXyvF-O7DhN8ldQfGKyQn9FZg-LszmXh_ZyYZH5sO3dJ5x7tNAgAAAQJSAAAADGgBB5kCxAUMuALFVWzILjRWAP7AX892YQXC9okwu64okpeSjbwS7NohwvzmjqYvmqCpdji_Cwbkbw9hqNZp2drwVfOW1KqTYWeJjuPJ993sXBnSWvAisbh4Y5yHnEM2omxiowVA20S3EIpoWY19au17uTyoT6clGsKL4gbSDSGl3Q1TnaJYM8WVO1OWPpq9OMlzc-ccTleUiteCgwicbJS9GKXZDFqu59kuZiXmYlbeFgDAj95zNMTx_uNyVV8onFkY6yo6QgVAWgA3OLCJv2FWQyR0Mbu4tvyl9I5ZValIUmG_sfVLhIpGMV4NJsqhfcv40Ric8CLpTNqpsR3nzZ_mSikE5lfw9sHhZ0s4OdihKvRmGU2rUsvJHbwjXXzqTYXj-rDeRCL9NTecz5UoeGWeANrwRK5ChNWsUB9PGOVBrWCNr9rWb2Xt5QhlnvTMn8BPgooRdbtN5x_XOc-lobIr5S1pWOnfCdZ-Gm3p-57XmaVSGtCBNbzeMv94Wmjp6wm0KkfK9alvlNMyMibr3KYAfVnbsbEwhe4Yr9vhrFoOZ82w9qy0OkgmriuiYmnAUea7pZiyy-sj9xJjSQ1sSCY-l-ES4aJEnUzJqis5DWM183BJDVoLSXt-X-wc6sWBlaiS66VVVuUJJHI7sR-xzWTVWmCLKhYMK8zaIOXX_Hv5M-hiFnqJNozVBC2W-6Sov9-ztWXqsry4KIBxsPVe-RzqZRrEi4yocxK0ibeeewirUJB4kev9KgzOmUd1HCr0rtA1ADbFfl7kRrql4IDUb4rkW8_yH9aZs_JNi4DI9DZG39hLWXm8cG_59DqqC5z3FVkrPb5Ac4AGVaH3DQ43jWFDvDkbOvoxPDjOmR1hJxwfXNEz-dLXUmsepoTtacjFnsR_f0EB1ZbZltl3spBMyIXXtRMe0YaXVygWUCY3ywaDZOZ0EfopJlAKJg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: images.dmca.com
URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766

Domain: certify-js.alexametrics.com
URL: https://certify-js.alexametrics.com/atrk.js

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.file-upload.org/	1969-12-31 23:59:59	Name: lang Value: german
www.file-upload.org/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Thu Oct 05 2023 07:11:40 GMT+0200 (Central European Summer Time), path=/
.babup.com/	1970-01-21 00:50:42	Name: _ga_3T7TKCZCC9 Value: GS1.1.1696482642.1.0.1696482642.0.0.0
.babup.com/	1970-01-21 00:50:42	Name: _ga Value: GA1.2.1841705873.1696482642
.babup.com/	1970-01-20 15:16:09	Name: _gid Value: GA1.2.1710443287.1696482643
.babup.com/	1970-01-20 15:14:42	Name: _gat_gtag_UA_119779859_1 Value: 1
.babup.com/	1970-01-21 00:36:18	Name: __gads Value: ID=1cf1bb5c0cc8488e:T=1696482642:RT=1696482642:S=ALNI_MbZ9YdfSvrUK-QGNPYTDKprk1N0PA
.babup.com/	1970-01-21 00:36:18	Name: __gpi Value: UID=00000c8e20a4f5cc:T=1696482642:RT=1696482642:S=ALNI_MbdYgCTauQM4RYNqcSUxY7LeBpUwg
.doubleclick.net/	1970-01-21 00:50:42	Name: IDE Value: AHWqTUnwz1pJ5svkrQbLeV6BNsHeZUqAiWjUwPNOZzcbqjT4f2zB5g2IPua6FP6kEks
.googleadservices.com/	1970-01-20 17:24:18	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-21 00:00:18	Name: CMID Value: ZR5FVFgzrViBJLiJpBVnMQAA
.casalemedia.com/	1970-01-20 17:24:18	Name: CMPS Value: 2239
.casalemedia.com/	1970-01-20 17:24:18	Name: CMPRO Value: 2239
.adnxs.com/	1970-01-20 17:24:18	Name: uuid2 Value: 7708285628336431708
.openx.net/	1970-01-21 00:00:18	Name: i Value: f25751fa-e68c-44e6-b27f-be3e79b68e1e\|1696482644
.teads.tv/	1970-01-20 23:58:52	Name: tt_viewer Value: 2c0b074d-10eb-461b-8378-2b277b2148ec
.adnxs.com/	1970-01-20 17:24:18	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU#qHOT(!]tbPl1M>e)ZlrFUfJ+tGXxp$BKgyF?7cJiFu@GUaw5HaFozrFb#qp!X1ETBbpRzqF1`b`(*7C2d

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://certify-js.alexametrics.com/atrk.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: https://www.babup.com/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/ Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://www.googletagservices.com/dcm/impl_v97.js(Line 91) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v97.js(Line 102) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v97.js(Line 91) Message: Unrecognized feature: 'attribution-reporting'.
deprecation	warning	URL: https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=_LBcidLB_&w=160&h=600&c=1696482642889529&js=pmw2(Line 248) Message: Listener added for a synchronous 'DOMNodeInserted' DOM Mutation Event. This event type is deprecated (https://w3c.github.io/uievents/#legacy-event-types) and work is underway to remove it from this browser. Usage of this event listener will cause performance issues today, and represents a risk of future incompatibility. Consider using MutationObserver instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ajax.googleapis.com
beacon.sojern.com
cdn.doubleverify.com
certify-js.alexametrics.com
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
connect.facebook.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
images.dmca.com
mts0.google.com
pagead2.googlesyndication.com
partner.googleadservices.com
partners.tremorhub.com
region1.google-analytics.com
rtb0.doubleverify.com
s0.2mdn.net
ssl.google-analytics.com
sync.teads.tv
tpc.googlesyndication.com
tps.doubleverify.com
us-u.openx.net
www.babup.com
www.file-upload.com
www.file-upload.org
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
certify-js.alexametrics.com
images.dmca.com
www.file-upload.org
104.102.35.84
104.18.26.193
107.178.244.119
130.211.44.5
142.250.181.226
142.250.181.227
142.250.181.232
142.250.185.138
142.250.185.164
142.250.185.193
142.250.185.194
142.250.185.227
142.250.185.78
142.250.185.98
142.250.186.134
142.250.186.162
142.250.186.174
142.250.186.34
142.250.186.40
142.250.186.74
143.204.215.67
157.240.0.6
169.150.247.39
172.217.16.198
188.114.96.3
188.114.97.3
2.16.238.14
216.239.32.178
216.239.32.36
216.58.206.34
35.244.159.8
37.252.171.53
51.15.15.22
52.22.91.189
52.222.214.123
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ee71d6e7aa9c6db0846e030d36cc18892576f30b829bbbecd5289b9245a40e6
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
121b8349c3f3c6e88d860c9622e94908930aa64d56a95419a7e9f9ef26a8cc63
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1297bbc4543d8f62d2ad3f0aee7f7900286ea32407330bc164b8541483cc5f85
15bd89b4b3f694b9815c553cb3699da0aa21aaeea62eefac54d0f6259f1745ec
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18582475d1d53d95f2fb85b46602a4da2f25b0d7e0dbc0adea24d3ea52a2b87f
18cef7895d77d8dc5fa03d09537ae28c70139a0b184c2c3cf9966d0ecb9b84f5
1c3177b2bb09130b3eb00f3ec5cbc0a43c8c2dd90bfccb329359601cab1697b1
1c3a39de1dba045ffa693357f9ee5e7e9429a6d0dbad5de42ed3bb6c2767104c
1c4fcd649027e06ca4f1098bc06e260d68e149ab63b1ef2d48bdac57cadc0382
1f9ec28defadaff36ae53d25506a6c0e0120ae187b0e69dddc884e56f76fc397
2543b29c4ff2af5df567480754f62ec6e22c92272394131004671999ad5889ce
25891fc12e937a75d5bf71fe6a8c172e2f602e9efe98eb892e85a0ea73d180fe
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
2a0d6f9ee52f1e421bfe2e0388dd3f2b26f7c647ccdeb39f841a8ebc57cef65b
2aea29278b1c9b81b9fcb1fa2ee3f799636114988921da559a5f06cb1d2c0e82
2c0a8f02e8ef795aecc87e8e323c15fdf29287d20501d6ea0cf1dc53e2d2ea9e
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ff233d3b584bd23a2bbec47ef19ec479edd16ae282eb40605c5ee6b4216eaef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
4149f252125510e2732a827f921d6f6c01cc13c51f65b78fb37ced3fd205dcae
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44ce7ba46ff62986e910be45b4618240ec92852bae44f13323adb81aa33aeb25
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
47cefbe21632b3e75219d2953e5f2a024c510b674b408e45fe495767cff00852
4a164502bf06104de111208833f740f881d4c3fcfd8d269154979157bbf019bc
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
5aceb9edcea34bb69cbce4ff713f96f5d62f70bbd4bf5ef766bf058bed0fa21c
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d8a2ff02c5abb01ad495fe32bef1ee5975a073ba45e6342ef680b5f2f2fb2c8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
62babc3c2298079f95ecba1fe1a3b9e1d2df13809f3d9a3b11bd3fb6e5b78d8c
642077d9b5063d6f77d777b85c6ed19bbe884b1ce5122bbc6ef6f9cda8aa07af
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
65df64ea8bba4e38bd5bd07077b811ab3a05825bfa62f691e84c497f3a7017f7
6694de3e998537193b58da2fd3b46b6cd844df429ed93ea7c97b04a0477b20de
67c281b54092d49fa7e8ef1a92ff01fc85285dc4c7a116c7250010f00a1095c7
69c9180a5d71f3bfcc37de7dede698b33999328c5889503aefa1d52a23a8c53f
6a499e89193031106ea78452d1697913e3295aa84e0fe3aca39138cde54600e3
6b23a2a55e15ddffdc187b1107030f6ed53d4abe5d4c0900022451d20c3dfb54
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bc53d810c7057eddfb8f24698bcb90d0b9a46c368d8d2449b3d6ef13fbb6061
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6f4330cdf3335943f62d4250da86d2f930922fef1034acb1143511cc51b6bce3
729bb9007929a8af5c6f300c99e7c5899043ed1734d39fd6f4e0361b94d1adbc
743a258e9e16442b04027255b0214ed873724425db7eec597313cd5db9ae7525
74a9e67d871046e74f4a6ea816fa61aa38f56f1eeba64c2247157fd19cee9bff
75abfca5c27a5a249f3ba68ebf4abef823cc9dc339b5b408e709e3f2077331aa
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
787047a06f5e8e86af10939b5cba53c0d78a5c4189a70c0bad5724d07be0190e
7a9cfefbe46e47d6971a5d4487a2ee0e9812cba5f76668be71ac25ab8d88d6ee
7e2b27956da0220e3a28b7af3c42424021b1ca33ddc1859cfaff3b24b9c1c444
7f8d937ac3c24cd9099dccaeb3e160dba15d6396b7f8ada3ca95f9ef24633aee
819e9d9b71490ef7ae4284a0615ee183d12763e45c4e0d0a760a7d50c47b44de
81c0886c09bbedbd2f21d8be43cb4d5e29321999331265416d2c75eab6ee67ff
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
84dc56217d9e1adc27e1e5b4e0ed81c4897ac808f2729ffd6a902b93d5fbe788
85c702fc555543b0492919d28a6c4f078573788adf94cdab95da2438871566d3
8733189c3d8ff86bfd54c162b73bea66a007e7c6f6f0579b8a25225c2aa46cdb
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec
89549e135bde576577a5883d2015fd13920f12f3ddb0bfbfd0e69adfb1f77ef5
8a3042610693bfe109f6ff939b2e8bba417bfa8d7fe0b5e05d08316eabb7d55b
8b1ccf2d92e5e6235fcb23becebc6b98f5eba33abad7902763aa8b830be20bd7
8be8f432572fba9a5669684d4f89b81b9595700f40480eeecbfe7721ce5b2234
8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074
8f559b0eed7c1a9599a188d6b31a3d0cbd07031d6c638c92eae53a13c753cddb
9038a29399df3206a023bf3cc53dc08923f3ebf4d3c27e1a1cea0fb8b813eb05
949269f99574688c56e7d52b353df8263767b07928aa9db447db8cab8dbb0559
979fd433bf2247772fddeddd75d505fcdf94ae1460a52e10af1fa679c2e59038
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a141dcb908283174d96e81594208a298ecd14cbec8c04bd35d12f49dc079cf9
9c27de5a9c3688118fe663449b3c41ab4fb61aa010fa8eb69e20e15bad26ab49
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1ff5e441184a332c1230e3082320d940687d1354e845be0ef0c079af4b32642
a4037b2591046e33a3268b09a6fc1e620634b9beb92c59c1faf58379c96ce5a0
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
af6d8ad5bd78c2c7f2b996871e3dc1a58e4cb9390ef99884fe4244848ac79096
b00aa17b066dc18fff34000287cc97f9c46b55e27cb1fa5f4828d8ccf4c99fae
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b59e0c0d1cf93db01c65f1357aedb1b27cf41998f06af03d1039bb18e83b5f86
b6bdeb9c8bbaba25e2212ad0afa0f661c13b767a7064ce187f74947869e4994d
b89748b1c1cc74b2aeb8aa03db7975dbb704dccfcd802be96ae53e7ebd79a019
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
bf051f3ee7aa85b70fbdb5a9c4dbe61dc57372814f700b1b23ecb4f7dfb9ce63
c0385475c30c52d0c5f36cfcab2110f9a0d0799dc1550b846af954bae77c36b7
c0919980d52084cb401d51949e6af762502718719349cf7db3c73e0ad3be872b
c4ec171d8f202fb90c55007f2dc8ab43a7d089d5e7b717eb03b41fdb3907b261
c548a30c41171b00c7d332fc539aa7fa0dceb71fc7d91d4bc7b65ed3bfed8382
c9a0e13fa76f7929fcc709a1db13bcb7fb8c335dc169f82fbe5cfee360c5e950
d4ece3adfa6dca8b643e43ad2190f037a906ee62d0a192e908c40e01690bab94
d83973a899b781795375d0d7b370a4acfe4477fc1bf453a10c0f0219e24b16c2
d84ba387a4abb3a01a82a7b82c54c889963bf4aefee9cad1f8cf0fe68ebdcd8c
dac359cca526a175b42034b932fcc7d0bfe67229217b721e30348d6d597390cc
db598c4a37dc6643fcb9277b0c0850b6da3ad0fa9adf81b6c39d06a352abf6e1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e190295c81e3f3185741440267da9c25a36f29685f4b2456e4c1d3de64b5b08e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e63dc2a73afcfc9b99fef901404e796cb623aa18d689c0629fdc966f3f029962
ead1c99d032782ccc6233b71367df45ae4d73a200e930b22fe7eebb56dee7490
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
eeb5ee8a474885e6bc5c4a3d3f357efc4795743b8b46880e80e511306a62123f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75784fbe15ac27a29c2e95ecbf0521261eb74ebfd448ef1e4d72670dae05e0b
f78528639866dd9cef671ad7333d80c6032430c7572f1e7006c61b399278cf60
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f8f4a12f18b5f1abdb1688d4a75e3b8487b01e7fad0ecc3da3198f8d6d41ec39
fac3aa7f69f967e2b62a7cd19301c9e9d7198140750c4a7ff83ed083a9223693
fc9fe8ec0612072dc6d3b4acd268e09d28c253807f47846a5f70dd8360d1a0d1
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

www.babup.com Open in urlscan Pro 51.15.15.22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

257 Requests

91 %HTTPS

0 %IPv6

25 Domains

38 Subdomains

35 IPs

5 Countries

3679 kBTransfer

9518 kBSize

17 Cookies

31 Outgoing links

Page URL History

Redirected requests

257 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

www.babup.com Open in urlscan Pro
51.15.15.22 Public Scan

Screenshot
Live screenshot

Full Image

257
Requests

91 %
HTTPS

0 %
IPv6

25
Domains

38
Subdomains

35
IPs

5
Countries

3679 kB
Transfer

9518 kB
Size

17
Cookies

257 HTTP transactions
8 data transactions