www.babup.com Open in urlscan Pro
188.114.97.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.file-upload.com/qrzlhnflyury
Effective URL:
https://www.babup.com/file.php?get=qrzlhnflyury
Submission: On February 26 via manual (February 26th 2024, 6:44:26 am UTC) from SE — Scanned from IL

Summary HTTP 126 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 18 domains to perform 126 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is www.babup.com.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.

This is the only time www.babup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7 33	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	169.150.247.39 169.150.247.39	60068 (CDN77 _) (CDN77 _)
30	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	142.250.185.170 142.250.185.170	15169 (GOOGLE) (GOOGLE)
1	172.217.18.8 172.217.18.8	15169 (GOOGLE) (GOOGLE)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
2	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
14	142.250.186.142 142.250.186.142	15169 (GOOGLE) (GOOGLE)
12	142.250.185.161 142.250.185.161	15169 (GOOGLE) (GOOGLE)
1	216.58.206.36 216.58.206.36	15169 (GOOGLE) (GOOGLE)
1	172.217.18.106 172.217.18.106	15169 (GOOGLE) (GOOGLE)
3	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
15	104.18.8.5 104.18.8.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.85.20 104.16.85.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.9.5 104.18.9.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
126	18

33 188.114.97.3 (Amsterdam, Netherlands) 7 redirects

ASN13335 (CLOUDFLARENET, US)

www.file-upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.file-upload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.babup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.150.247.39 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 169-150-247-39.bunnyinfra.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.8 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f8.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.186.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.36 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.106 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.18.8.5 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.acotedemoi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.85.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.9.5 (None, )

ASN13335 (CLOUDFLARENET, US)

content.acotedemoi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 106 tpc.googlesyndication.com — Cisco Umbrella Rank: 161	632 KB
22	file-upload.org www.file-upload.org — Cisco Umbrella Rank: 950399	550 KB
16	acotedemoi.com cdn.acotedemoi.com — Cisco Umbrella Rank: 420620 content.acotedemoi.com — Cisco Umbrella Rank: 617987 act.acotedemoi.com Failed	449 KB
12	google.com www.google.com — Cisco Umbrella Rank: 2 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 665	71 KB
12	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 ad.doubleclick.net — Cisco Umbrella Rank: 157	96 KB
7	file-upload.com 7 redirects www.file-upload.com	2 KB
4	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 590 www.google-analytics.com — Cisco Umbrella Rank: 31	38 KB
4	babup.com www.babup.com	14 KB
3	gstatic.com www.gstatic.com	17 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 226	52 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 306	15 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	151 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	90 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 362 fonts.googleapis.com — Cisco Umbrella Rank: 32	31 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 14958	10 KB
0	adnxs.com Failed ib.adnxs.com — Cisco Umbrella Rank: 259 Failed
0	casalemedia.com Failed dsum-sec.casalemedia.com — Cisco Umbrella Rank: 628 Failed
0	alexametrics.com Failed certify-js.alexametrics.com Failed
126	18

	Domain	Requested by
22	www.file-upload.org	www.file-upload.org www.babup.com
19	pagead2.googlesyndication.com	www.babup.com pagead2.googlesyndication.com tpc.googlesyndication.com www.file-upload.org googleads.g.doubleclick.net
15	cdn.acotedemoi.com	googleads.g.doubleclick.net cdn.acotedemoi.com
12	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.file-upload.org
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.file-upload.org
7	www.file-upload.com	7 redirects
4	www.babup.com	www.file-upload.org www.babup.com
3	www.gstatic.com	googleads.g.doubleclick.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cdnjs.cloudflare.com	googleads.g.doubleclick.net
2	cdn.jsdelivr.net	googleads.g.doubleclick.net
2	www.googletagmanager.com	www.babup.com www.googletagmanager.com
2	connect.facebook.net	www.babup.com
2	images.dmca.com	www.file-upload.org www.babup.com
1	content.acotedemoi.com	googleads.g.doubleclick.net
1	ad.doubleclick.net	googleads.g.doubleclick.net
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	www.google.com	tpc.googlesyndication.com
1	ssl.google-analytics.com	www.babup.com
1	ajax.googleapis.com	www.babup.com
0	act.acotedemoi.com Failed	content.acotedemoi.com
0	ib.adnxs.com Failed	googleads.g.doubleclick.net
0	dsum-sec.casalemedia.com Failed	googleads.g.doubleclick.net
0	certify-js.alexametrics.com Failed	www.babup.com
126	25

This site contains links to these domains. Also see Links.

Domain
www.file-upload.com
www.facebook.com
www.instagram.com
www.youtube.com
file-upload.com
www.file-up.org
www.dmca.com
safeweb.norton.com

Subject Issuer	Validity	Valid
file-upload.org E1	`2024-01-21` - `2024-04-20`	3 months	crt.sh
images.dmca.com R3	`2024-01-22` - `2024-04-21`	3 months	crt.sh
babup.com GTS CA 1P5	`2024-01-07` - `2024-04-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-05` - `2024-03-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
acotedemoi.com Cloudflare Inc ECC CA-3	`2023-07-11` - `2024-07-10`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://www.babup.com/file.php?get=qrzlhnflyury
Frame ID: 92C819CE4479184CBB94882F71C991F4
Requests: 62 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20190131/zrt_lookup_fy2021.html
Frame ID: 135FB3169F21A579A6AC0A2F515D6FF1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1708929862&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=1&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862044&bpp=8&bdt=945&idt=703&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6754568027779&frm=20&pv=2&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=728
Frame ID: 38853EE058BA518D0D7D4D686300D084
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708929862&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862143&bpp=3&bdt=1044&idt=639&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=646
Frame ID: BB6FFBA92932413681C369B50AFCED53
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708929862&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862156&bpp=1&bdt=1058&idt=643&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=647
Frame ID: 0D11163B5AAF7CA3F625DC063747758F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1708929862&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862160&bpp=1&bdt=1061&idt=653&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=657
Frame ID: A66D790B0D6F39997811DD996BE00679
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A7BB5A40BB75F26E9A66900510F26FC1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F12E44E6A9B01335916847F43943C4BF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1708929864&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929864296&bpp=1&bdt=3198&idt=-M&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4669ee67819949ba%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_MbNE6YhONXv8nfuWH_clEbftK2ABg&gpic=UID%3D00000d629e319345%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_Mb84M9C0355aYoUlEaCuvFKlCte4w&eo_id_str=ID%3D8d98e3ca4b541b0f%3AT%3D1708929862%3ART%3D1708929862%3AS%3DAA-AfjZhv8zN8zBnCX_swRpat61C&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=343
Frame ID: FCCE5957CE5E970CBCD58E8688102729
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1708929864&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929864296&bpp=1&bdt=3198&idt=-M&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4669ee67819949ba%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_MbNE6YhONXv8nfuWH_clEbftK2ABg&gpic=UID%3D00000d629e319345%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_Mb84M9C0355aYoUlEaCuvFKlCte4w&eo_id_str=ID%3D8d98e3ca4b541b0f%3AT%3D1708929862%3ART%3D1708929862%3AS%3DAA-AfjZhv8zN8zBnCX_swRpat61C&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=347
Frame ID: B73FF26C23BCF0A907E4790F8FD81162
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 5554174D27C0BC865BBA475A4AC5C031
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 1C4D7B023F8FCC9D969B671CD5628C10
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbVNhCM9_uZAxjJoviIAjAB&v=APEucNVYrlFXhEF6W_BiA9C0Gr71rzl3Lbd5GNWlOzOpI1pPt912AMd1ApcKf-PaWwC2JaeQf9b3vQl1U4ci8JER18kJKJ_DpQ
Frame ID: 3C1E50B59D69E1DC354F0DB7A5BCEA3D
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 6907FAB4CE67E5B116C7FDBE9D8C01A3
Requests: 33 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/load_preloaded_resource_fy2021.js
Frame ID: 193014C26897F641B5109A550C231461
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 49863AEAADA108DB1A5D70311F2F384E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/JdvibbZ7pdYNP3x_edcq2fSBaypuhp11EZJydPE6SQs.js
Frame ID: A71FBB07352ED5AFDC7BF68DA93F277A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

https://www.file-upload.com/qrzlhnflyury HTTP 301
https://www.file-upload.org/qrzlhnflyury Page URL
https://www.babup.com/file.php?get=qrzlhnflyury Page URL

Detected technologies

Handlebars (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

126
Requests

87 %
HTTPS

0 %
IPv6

18
Domains

25
Subdomains

18
IPs

4
Countries

2216 kB
Transfer

5304 kB
Size

17
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.file-upload.com/?op=payment_proof
Title: Proof of Payments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fileuploadcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/file_upload/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSbk9gxKeQnawO7cZ0hZPJQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/make-money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=register
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=forgot_pass
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/desktop.html
Title: Desktop Uploader

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=english
Title: English

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=arabic
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=payments
Title: Premium Download

Search URL Search Domain Scan URL

URL: https://file-upload.com/qrzlhnflyury
Title: Free Download

Search URL Search Domain Scan URL

URL: https://www.file-up.org/?op=register
Title: Sign up now

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/child-exploitation.html
Title: Child Abuse Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/copyright.html
Title: Copyright Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/adv.html
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/dmca.html
Title: DMCA

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/reseller.html
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/refund.html
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/banners.html
Title: Banners

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=ff6622a1-89c3-492e-8fab-02994910b766&refurl=https://www.file-upload.com/vsd4gox6iv4l

Search URL Search Domain Scan URL

URL: https://safeweb.norton.com/report/show?url=www.file-upload.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.file-upload.com/qrzlhnflyury HTTP 301
https://www.file-upload.org/qrzlhnflyury Page URL
https://www.babup.com/file.php?get=qrzlhnflyury Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.file-upload.com/qrzlhnflyury HTTP 301
https://www.file-upload.org/qrzlhnflyury

Request Chain 13

https://www.file-upload.com/mngez/css/app.css?v=1 HTTP 301
https://www.file-upload.org/mngez/css/app.css?v=1

Request Chain 14

https://www.file-upload.com/assets/images/logo_new.png HTTP 301
https://www.file-upload.org/assets/images/logo_new.png

Request Chain 16

https://www.file-upload.com/mngez/images/anti1.png HTTP 301
https://www.file-upload.org/mngez/images/anti1.png

Request Chain 17

https://www.file-upload.com/mngez/images/anti2.png HTTP 301
https://www.file-upload.org/mngez/images/anti2.png

Request Chain 19

https://www.file-upload.com/assets/images/norton.png HTTP 301
https://www.file-upload.org/assets/images/norton.png

Request Chain 27

https://www.file-upload.com/mngez/js/app.js?v=20 HTTP 301
https://www.file-upload.org/mngez/js/app.js?v=20

Request Chain 77

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN-KG2X3uObyp6ggOPh9-Ww&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN-KG2X3uObyp6ggOPh9-Ww&google_cver=1&C=1

Request Chain 78

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENsutX4LFGtxJ_sKEM9KQvI&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENsutX4LFGtxJ_sKEM9KQvI%26google_cver%3D1

Request Chain 80

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

126 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

qrzlhnflyury Show response
www.file-upload.org/
Redirect Chain

https://www.file-upload.com/qrzlhnflyury
https://www.file-upload.org/qrzlhnflyury

28 KB
7 KB

415ms
156ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/qrzlhnflyury

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8c0db6b58eb95303d70d076e7cc57e3da9280c443ad24ecd9b4a993095b7e23

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85b63809c8230e45-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Feb 2024 06:44:20 GMT
expires: Sun, 25 Feb 2024 06:44:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bI%2BZMyFQ44OKn%2FddPZ2cxMUfkobzbg%2BaOME6jyS1gP3NhEE9qpLr5PdGMnwLL18JND92zy%2FODgsDYbqLWKbFMsYbPaYBBbUF8EF9sXOyT7A3hMftrilk%2BGKAAvBN8jKN3kGJa%2FUv"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85b638071f590d6d-MXP
content-type: text/html
date: Mon, 26 Feb 2024 06:44:19 GMT
location: https://www.file-upload.org/qrzlhnflyury
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amMnb1DcrZjjrz4upa4fKFulEpBHqymRwz7vHmxeFeri9q6cZvLocI8TY4Vvp%2FyZeZSkEs1G%2Fu5fL428lj7bUbyur7ggyK2glpqG2uiaAG9WvnTJTCSQdCCJG9QNYQGumY%2FG7NOW"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 135ms
132ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1958392
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGJuOxERTgyfF1RjxCSmJxuzS%2ByrGEDLWMZdKvfOheA7NKwdOUXuE%2FgINUMXuX3cf5FeeXsPJXbdTrbP%2Fu5cUtWVDOF5mWIGqIg%2Fh8RBbrSeiMTBsHZevLSICzjPXTJ1N8VZwNZ%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 85b6380ac9110e45-MXP
expires: Sun, 04 Feb 2024 14:44:28 GMT

GET
H2 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 230ms
228ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu0NvgNjpGAPwwDkj1pwd%2BvcMIgWUkv6cjtv8A2gjeHiRKc8FaK2mCimWMBpQfsm4DDlxXGkSLu84w7shlqR3Ye%2FzRzaWgM15NveMo17QCkxs9v%2BQcncEt%2FMPXjd0tidNrdcqwbD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 85b6380ac9130e45-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 128ms
126ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7523327
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JfdurgPcXBEXFe8SCgIOhzqbPZl80%2Fe4iLnaXasDWIC13cwdu8Nh3C1g7dwP9tpHMtns9NP1K4fjDWNsefzfjTZd0OymBoDk%2FlpPQeH6eGOO2pAuSK12UMVzSXyb6iC5wlQkAZKB"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b6380ac9140e45-MXP
expires: Fri, 08 Dec 2023 04:55:33 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 123ms
122ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 16 Feb 2024 14:40:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65cf73c3-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvpKGNWmCCvAIoZWebKvtvl%2BE9kjlDC0lOc%2F28GMwxxt8FCsspywb4Q42tj0vAqZfNY3TOYQuEgDNPHsHQn0W7o%2BTjAbzBWbVUR2HypNoxrcOZUl4svKMgEsLmyrF6hi3d%2FQwlsE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 85b6380ac9150e45-MXP
expires: Wed, 28 Feb 2024 06:44:20 GMT

GET
H3 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 128ms
127ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7619835
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=engInuU2Eb2t98ldctLzqkJrrJMeQU7TKO5NOfvj6BXQ7reLBMd1CWmmtr7FUMMgekNwTecdNoP7tLn9vWvVsCa3q1CjmULCSAAJV4R2ffo%2Bm9SNqlXi%2BDjKSmzA5p3LpwCMEGCn"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b6380b9b4d59bf-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

GET
H3 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
1 KB 242ms
241ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9438212
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoRIdSj93tsTpbmQ%2Bw%2FCw88XaSg8RQ5OZGG1lbt%2Ff%2BCCGzqATgnXm3S9pgCT2vGH%2F4IHHFogrE9HZ%2FuMJHJ04Z9rtIesfBRHzMbmF9fzzMXi2wULssu0%2BcUqrWGrGKbfDTuUBBOD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b6380b9b5b59bf-MXP
expires: Thu, 16 Nov 2023 01:00:48 GMT

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 377ms
118ms Image
image/png 169.150.247.39
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-39.bunnyinfra.net
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 034e9bf150f22a11075f2c6df449ea12
accept-ranges: bytes
cdn-requestcountrycode: IL
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 126ms
126ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7619835
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ijxye7S3bMK1qzN3Zuhbf0uf%2B%2FulGpvj0JMnqJh%2FqK8UNr6FY47MF3QBfDsSY9%2FB1aohYPDTMp%2B8jmHpthdqY0xRE3gcfqKC4UcrFkMswVhH5JgI01gsqWZVdQkcXCKfBVBeBmOe"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b6380cec8459bf-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

GET
H2 200 Primary Request file.php Show response
www.babup.com/ 23 KB
7 KB 535ms
282ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/file.php?get=qrzlhnflyury
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: 7a77bb69398bd402a6c2aaef45e0a648b13bf3e6e03958307dbea1691329616b

Request headers

Referer: https://www.file-upload.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85b6380e78ab3761-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Feb 2024 06:44:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=60er2c%2BRELHwalvUICzjkeDP9MjEO7sl364m5UklXdxRv3PWEvvKjp%2BzAhGYSHujGg1QGdY3UOGXh5YJ%2BB%2B5pFuKON5qZjiA%2FFc6d038anvd9H%2BzP5%2Bq%2BoQUeW4vku2J"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.2.34

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 126ms
126ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9333483
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=94nH2Yun8xL986sz5CKJcL0mtIWX4avGWdK7Dwx9T9cwQ3BRTbSWbT2DuyfCFcFWUyg4Yc2CBcqeHo4EPuh6zsMwMPJWe6P2tsU4raBcHhsIzszTypCF8Uz1G%2BDlWLhia6mjOxg8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b6380cec9459bf-MXP
expires: Fri, 17 Nov 2023 06:06:17 GMT

GET
H3 200 fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 75 KB
76 KB 148ms
148ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1539
etag: "12d68-5fe4d56c8e4d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4jX%2Bag%2B5Y3231DGPI10liczDwSnvzCXhakpAopRDchriUsjPCzCSsN3iF4MgnNxq9wPmk8nw3phL17EQs%2F63Jw57TbaWBNgfSKfVyHyo66FhmUpIeUD%2BMjWWSRYCl%2BICZJvsPqf6"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 85b6380cec9759bf-MXP
alt-svc: h3=":443"; ma=86400
content-length: 77160

GET
H3 200 poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 354ms
354ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 554
etag: "1ee0-5fe4d56c8f861"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7LXYMf0yPJ2%2BSoOoqp2VKyrN77vE8chZLgxCqygXkfaKDSwSCbBa%2BjkxIBsHt1Cptfww33Eng8pakIMMWebhS8MwVcFwLD2VSfDP0FCwRSVGna9BTV82SLprQV5MdXDVmAR%2FBQGA"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 85b6380cfc9c59bf-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7904

GET
H3 200 poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 354ms
354ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:20 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3270
etag: "1ecc-5fe4d56c90801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IexRYPv9NlQ3fRjlUSQTv7Cq9FHM4Lc9Wpb652cdem%2F2JrmnjwY2ydKnjemT7JOd%2FryFsSkffKxWYq5lSxhlywSoWI8TJt2Ln9XbYTBBrP9fRpMSc6B4r79P30XO4EwVU1L8XaB8"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 85b6380cfc9e59bf-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7884

GET
H3

200

app.css
www.file-upload.org/mngez/css/
Redirect Chain

https://www.file-upload.com/mngez/css/app.css?v=1
https://www.file-upload.org/mngez/css/app.css?v=1

247 KB
41 KB

131ms
130ms

Stylesheet
text/css

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1958393
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lg%2B0rjzf8spNn7Zoc5BVSMXtmFxZHgK8SzL7McYlGvFs68bRRbOhYFjtaiDXOVjsXt0Xlaiu0UFLYVr8bhYT9Ev3O3at1WKlNmelGmFHmU36M1qpVgPj4Knvo9GVuNgN9q7xK75o"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 85b63811186759bf-MXP
expires: Sun, 04 Feb 2024 14:44:28 GMT

Redirect headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 961
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LQVahrPOukYXa%2BtAiPsWK%2FBRm269UudVsCtToFD5SSe9aIpC8G%2FmexDefxvyMEql3RCBufQ8kfX%2BHRXY3VsV1%2BIhmlRTnImDyDmKQ7rIQtGm3eg8066mA3DRGYXp7s%2B9IIe0XtZP"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/css/app.css?v=1
cache-control: max-age=31536000
cf-ray: 85b638104b850d6d-MXP
alt-svc: h3=":443"; ma=86400

GET
H3

200

logo_new.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/logo_new.png
https://www.file-upload.org/assets/images/logo_new.png

3 KB
4 KB

125ms
125ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7523328
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=48ppz6DnpST8%2FCkMAyRPn249Hhl6yJfk1zWmYWS%2BxDI33jMUMACiR0eeRla3GSqdqe1D4mtPd4t3BUahscxGoOLgAaS8Jv%2BwYRp7GgPFvK3vGO9gIZS6EXwBVO4i%2BGmMtLpk9ISr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b63811186b59bf-MXP
expires: Fri, 08 Dec 2023 04:55:33 GMT

Redirect headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 961
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EzcGyW709cNdgZzg0lC6NzB3wkGBw28K5DlvLQsTF3mPUhzJNW65RVlLbj2s9DqWv4h9AufdWvC1QKzFUttLUEbDBZna9TG%2BIx77wCbsMI4oHP15zFLmNjv9pvhCZtsOAco1sdSH"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/logo_new.png
cache-control: max-age=31536000
cf-ray: 85b638104b880d6d-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 email-decode.min.js Show response
www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 121ms
120ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/file.php?get=qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 16 Feb 2024 14:40:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65cf73c3-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bfXabDh5yEpniczYeYLyy8XUTHrwgl28HMg%2BqBmw%2BdAc6Ibh%2FU6HbpjMiSGMh9ylczS7LeYVVFuWXOPbKk299brVVSpH35i2noBVogY60UkrS0EMW9vJTuss7Q6nn1na"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 85b638104a0e3761-MXP
expires: Wed, 28 Feb 2024 06:44:21 GMT

GET
H3

200

anti1.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti1.png
https://www.file-upload.org/mngez/images/anti1.png

19 KB
19 KB

126ms
125ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7619836
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FTIHX2qEqsaBDHixZimuam1RrSyUmcQ4OVGqAz7Qhf5Z8orJQKsV19Hny1Dk3oHoNYkeYrr%2FUHucOHgl%2Fe9IDSPX6sJcTl1gguunb8MYMGI06XWQZdV%2BglWV%2FYsXClXBGRVxBZ%2B4"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b63811388e59bf-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

Redirect headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 961
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BkdRaiX%2B2B6XUrE9pHLGLzLoy2kjqIZ7BF6LzkJF1Ue5oEQ0kpcn6q4lgNNDj1kM%2FbZte63cZKtiKuJNK%2FZkjdDP76PEFGgT33EDObrOXvpw9jvB609FNgHygwhFjer5iyjAtf5e"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti1.png
cache-control: max-age=31536000
cf-ray: 85b638106ba00d6d-MXP
alt-svc: h3=":443"; ma=86400

GET
H3

200

anti2.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti2.png
https://www.file-upload.org/mngez/images/anti2.png

641 B
1 KB

127ms
126ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9438213
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq00uq0nd7y%2FEI44TzbDrH5%2Bkn7VwlxNDh2wDpbt9W%2BdkBlVAu0zTbHeqSP1LeXcHVclGokytL0sEuwmRs9%2BN7RMDwzISybq8j4pKGyDPFwGj04Pq0QqxiOsG4gAJHv%2F8hi83fpA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b63811389059bf-MXP
expires: Thu, 16 Nov 2023 01:00:48 GMT

Redirect headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 961
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGQvVWqgw60QRaVKdGrFaqTtqvIZ2eZ5IPfNRB8ssmr5P%2B1vqZoxhIRlRWpmU8hSjDo3B5EOnK6xW08WcE5b9f%2FDAdzoLq6ganHgdN5R3pRl2tgJKZvUZAVwTMEdsEmxU8MMK%2Bx0"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti2.png
cache-control: max-age=31536000
cf-ray: 85b638106ba40d6d-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 122ms
121ms Image
image/png 169.150.247.39
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-39.bunnyinfra.net
Software: BunnyCDN-DE1-1082 / ASP.NET
Resource Hash: 0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 033898b132fe9ca151a6e85c4d39eff7
accept-ranges: bytes
cdn-requestcountrycode: IL
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3

200

norton.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/norton.png
https://www.file-upload.org/assets/images/norton.png

5 KB
5 KB

126ms
125ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7619836
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O1Asq04G2XENWid7R5%2Flf8L6KD5Hd5d3s6Bbrb24EvdfQAQNGzrS5TEaYLd9VES9EtIiTPgVg4sh3zFJ59CKGJSY%2F2kWZR87GWn9xDevHaA4qJnq7503npZz6gDH9QQ%2BvdNKyMtV"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b63811389159bf-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

Redirect headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 961
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3RuynoroZmop0mbtxfZg%2BUmxSXvwrx%2FpVi6dw9bWsoiNB4%2FiDwKPf5UaOz3vtPc%2FLHh2lPJIsOodFOysF3B1VD5bRg%2FhpQQoZHJAjbsdeSMtZUCT6O3SxDtg%2F3MBb9He4%2B9gvYH"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/norton.png
cache-control: max-age=31536000
cf-ray: 85b638106ba50d6d-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 rocket-loader.min.js Show response
www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 121ms
121ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/file.php?get=qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 16 Feb 2024 14:40:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65cf73c3-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OT%2Fqyr49zAoPaUswUzq2TQMFnds7rSMU%2F%2ByoT0OrVqC9attfX09d%2Fk113cQcNDVVe7pKh8tDzT7rpOcIFSQacnePHTBwghPO2BgOtWh7HjYVVgU9ckjp%2FThodFVDoHRl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 85b638106a223761-MXP
expires: Wed, 28 Feb 2024 06:44:21 GMT

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 128ms
126ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9333484
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixOd0T9Gf2D6c9SuOuTsIi3EJ0kkeyb%2BXuldDfxZpkVhOulI6O1QhRcsabVNe%2BpmyvzgzAgCzCS51xNdlMYieWzupUYzDEobIDX%2Febpkw0X4S4X5JLCwmg7OJBONo%2Fg4DjNITahH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b63812096d59bf-MXP
expires: Fri, 17 Nov 2023 06:06:17 GMT

GET fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 430ms
170ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ad930c38e5710585a49969ac41a828adddc3a3c57d2e21b9f0c5c7f188820dfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51292
x-xss-protection: 0
server: cafe
etag: 3841377305908218974
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 26 Feb 2024 06:44:21 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 380ms
122ms Script
text/javascript 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 00:55:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 539335
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Feb 2025 00:55:26 GMT

GET
H3

200

app.js Show response
www.file-upload.org/mngez/js/
Redirect Chain

https://www.file-upload.com/mngez/js/app.js?v=20
https://www.file-upload.org/mngez/js/app.js?v=20

235 KB
80 KB

197ms
195ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=qrzlhnflyury
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yF4yqV1ArDyuBrnnXRswoF0AeVE0P2c4dHHGiH7aAMlvglH72jzAblKawxXqyEAvux3PkAYzP5Bqv0xkgNmhYrtb6And09Hbf1j8G4cWOtttficq9In1bCNEQXGLa1%2F6bS4FtvZK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 85b63812ea9e59bf-MXP
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 961
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RO0qWjtbEKriCI1MEHPGZxAYfQ2ug0dvHvn2JRS5YdmaHAHMSsLQFW%2BraQlWat83wu3PRoHHBhHVsxN6vTCJBgDEPYErs5gLs3MKBflVaZ8DWYMnEcg47bdpy0gvTSyFANUtp%2B5E"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/js/app.js?v=20
cache-control: max-age=31536000
cf-ray: 85b638121dc50dc5-MXP
alt-svc: h3=":443"; ma=86400

GET atrk.js
certify-js.alexametrics.com/ 0
0

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 388ms
124ms Script
text/javascript 172.217.18.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Feb 2024 06:02:57 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2484
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Mon, 26 Feb 2024 08:02:57 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 365ms
119ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

8b6feb184b85e321282ba00b533c2f3d9f6b07783dbda62a950d21a8a4b922c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Feb 2024 06:44:21 GMT
content-md5: JOxFwSGKhsqMdvW2KyKxXQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: MzkviQ3twFZu2I53IxjGmaeQdU92xShVswjmEFQO2GszADRywr4C9aN0QpbX5Dp8aj4Qqle10442008uf69ZKw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 2fe98e25a6cd9dbf244952de15bef828
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "ce65b1c4b45aca5c5405373efe4401ad"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Mon, 26 Feb 2024 06:53:40 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 298 KB
87 KB 362ms
116ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

f9d2bdf82b77a0507ff36de46ba130b63de34f7c0300832e36b77fd99542b6b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Feb 2024 06:44:21 GMT
content-md5: gLv4GzIsJ96ReiNX8ZsVMg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87208
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: 7gmPbClkIihtdUByotUrZ317E3F6qlb+pL6HQ64RWEX+rq2dVGPplIieLJKOkkJipCW0DAx430w05VJsZjIRCw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: b982df1b3dbe6696dbcb0fd5b8390abf
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "08bbc0288d6c7b072309bf53f9c1bd3f"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 21 Feb 2025 02:04:26 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 191 KB
69 KB 397ms
135ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d5f0966a15793c226b1dbcd7b2ee694f8229cde7413c05e3c603175f42df1f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70705
x-xss-protection: 0
last-modified: Mon, 26 Feb 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Feb 2024 06:44:21 GMT

GET
H3 200 blockadblock.js Show response
www.babup.com/ 6 KB
2 KB 128ms
127ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/blockadblock.js
Requested by: Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/file.php?get=qrzlhnflyury
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 888
cf-polished: origSize=6947
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 22 Aug 2023 10:11:48 GMT
server: cloudflare
etag: W/"1b23-6038039110a59-gzip"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btNxyl8RmJ5ZmMSxmvn6tMHyB9o0E2GrPA7cLzJgKfOnURY%2FV320Zt%2BDtNY1LaxyKXcclRSloKbsQVaLwCvVMgHDit9Eq90ozKE2CdWEFUwfpJZbJqzve9Up80tnZwW4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 85b638121842374d-MXP

GET
H3 200 poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 231ms
230ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4979245
alt-svc: h3=":443"; ma=86400
content-length: 10400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28a0-5fe4d56c936e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rgjrL05g89QP59h7XITVaL6l4%2B1uME%2BFYqjDHJ%2BhBu%2F%2B56YPDspKnhY%2B9vonNhu0cC92RwFYtfnjfr99cABS%2Be1hY1wTZJedZmFpy0uBlzk1Zz%2FEI%2FCfI4ObU8vbP09TvWGzzSdw"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b63813abd00d57-MXP

GET
H3 200 fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 96 KB
96 KB 231ms
230ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4979245
alt-svc: h3=":443"; ma=86400
content-length: 98024
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "17ee8-5fe4d56c8f479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Jz0UdogzWYXDUiMBjAi4KjB924Z1HbNAR8Pfoo0jnfX7qNK0iU3WHeHSGbWukEFrSWp5%2BHLW711V3ynii1oQmQkmCB3lq6GvIwiHt664hwHaK%2BwjM1Dg7gJFncrbh5RI4MpQmwZ"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b63813abd20d57-MXP

GET
H3 200 poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 129ms
129ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4979245
alt-svc: h3=":443"; ma=86400
content-length: 10420
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28b4-5fe4d56c94299"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ogg3AGDLWY2yYQmSMhAhvKKC3gzMlUCmCNfAPFzvF8zaLyoHuitC8oP8tUVN197vZafir15oamI4QRYUSDDO9apWVQJ0yRjzi3JKbZbdhoz7NUamABUT4oav3BGdNOKYRZKvS9hW"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85b638150d860d57-MXP

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/ 408 KB
138 KB 419ms
175ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

b816ffa8bb25e6ddbb2fd32cca97221977a12d0f0e99ebf1e29826b096cd83d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141551
x-xss-protection: 0
server: cafe
etag: 10005742508730006474
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 06:44:22 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240221/r20190131/ Frame 135F 9 KB
5 KB 376ms
122ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240221/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 44016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 25 Feb 2024 18:30:46 GMT
etag: 3890843268177463596
expires: Sun, 10 Mar 2024 18:30:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
81 KB 139ms
138ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b74b9421def22888527d289bc3b3997d09ecbdb6c9e5728aa35ef36b7fc5cc1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83129
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Feb 2024 06:44:22 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 384ms
124ms Script
text/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Feb 2024 05:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3373
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 26 Feb 2024 07:48:09 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
50 KB 169ms
168ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

31a60c88c264d529d267b0d2c9dae3530ae59fc9970162e2d132d6f6fab1b395

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51292
x-xss-protection: 0
server: cafe
etag: 1534301842732625068
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Mon, 26 Feb 2024 06:44:22 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
170 B 214ms
199ms Ping
text/plain 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je42l0v9114416819za200&_p=1708929862077&gcd=13l3l3l3l1&npa=0&dma=0&cid=1807250169.1708929862&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1708929862&sct=1&seg=0&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1807
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 06:44:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
91 B 131ms
130ms XHR
text/plain 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=688351522&t=pageview&_s=1&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1862919146&gjid=1060918770&cid=1807250169.1708929862&tid=UA-119779859-1&_gid=961083501.1708929863&_r=1&gtm=457e42l0za200&gcd=13l3l3l3l1&dma=0&jsscut=1&z=1244813696

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 06:44:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3885 223 KB
61 KB 1237ms
1236ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1708929862&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=1&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862044&bpp=8&bdt=945&idt=703&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6754568027779&frm=20&pv=2&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=728

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e6713d7c59fae2970c6801f64d4fac34c5dbf1b4caff5b0ba44eb14aae66b24e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 62271
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:23 GMT
expires: Mon, 26 Feb 2024 06:44:23 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 169ms
169ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240221&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

3cb6a5a201e0931500ad62d7527bac07a95da2d182a34e6931607f085c8c6992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12368
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BB6F 841 B
428 B 499ms
499ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708929862&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862143&bpp=3&bdt=1044&idt=639&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=646

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

b5a06775668129b82a7ad88e98dcd6be2fde71a15cb58a630b7eda8acc9a6482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 404
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:23 GMT
expires: Mon, 26 Feb 2024 06:44:23 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0D11 841 B
434 B 515ms
514ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708929862&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862156&bpp=1&bdt=1058&idt=643&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=647

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8853c9370e6f22974c135a5e058a9262d8cedb281b2f015e1e50f9bbc592c2ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 410
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:23 GMT
expires: Mon, 26 Feb 2024 06:44:23 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A66D 841 B
431 B 525ms
525ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1708929862&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929862160&bpp=1&bdt=1061&idt=653&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=657

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9ea551d5c459b9c5a023c2ad94756560aa1d831f236c68f6bf1588b4abaf6558

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 407
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:23 GMT
expires: Mon, 26 Feb 2024 06:44:23 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 379ms
130ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 26 Feb 2024 06:44:23 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A7BB 13 KB
5 KB 123ms
121ms Document
text/html 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

accept-ranges: bytes
age: 5496
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 05:12:47 GMT
expires: Tue, 25 Feb 2025 05:12:47 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F12E 829 B
1 KB 423ms
133ms Document
text/html 216.58.206.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f4.1e100.net

Software

GSE /

Resource Hash

87342aed0ab0e27ee21660767dda8b8f8c41d32a2ea6682fd5ce1674720e9745

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SIwGcyROHlJPl0IRS_2dGg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-SIwGcyROHlJPl0IRS_2dGg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:23 GMT
expires: Mon, 26 Feb 2024 06:44:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js Show response
pagead2.googlesyndication.com/bg/ Frame A7BB 39 KB
15 KB 122ms
121ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

068123d4c4589cecb90523791256c9c9277a306172601593fd9b6414420056f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 05:11:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5568
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15302
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 25 Feb 2025 05:11:35 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F12E 0
0 152ms
151ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240221&jk=1858344323566930&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/ 166 KB
56 KB 167ms
166ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

890c10e65b198d39eeea7ebfa0820f44187778fbe504568c37cea00c4f205e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57369
x-xss-protection: 0
server: cafe
etag: 3958859574457122519
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 06:44:24 GMT

GET
H2 200 ca-pub-9176521898341909 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 403ms
152ms Script
application/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-9176521898341909?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

4542f385ca5b956e53a81a508728e5e3adf793a5c701acea6fcea9eb1f4fafc7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-268fJSlAfsS8vVmLJIuHqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:24 GMT
content-security-policy: script-src 'report-sample' 'nonce-268fJSlAfsS8vVmLJIuHqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsKoxSXF4KUhxXDy1m2mi0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgZvzzgokTiN99ecnE8_UlkwQQawDxO8lXTN-AeIePBwvfuumsKkCsu346aygQxzyfzpoCxItZZ7CuBmKn9BmsQUD8OXMG628g9qmfwRoDxEI8HCeefVjHJnBj5qszjACJUEXz"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/ 90 KB
31 KB 170ms
169ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/slotcar_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

5c2217b06478414e3a36692287923161da000f2da989cba2b2dd04803efcd5c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32126
x-xss-protection: 0
server: cafe
etag: 1111830651880419301
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 06:44:24 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A7BB 0
10 B 125ms
124ms Image
text/plain 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ITpLDQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:24 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 156ms
156ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FCCE 436 B
239 B 512ms
512ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1708929864&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929864296&bpp=1&bdt=3198&idt=-M&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4669ee67819949ba%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_MbNE6YhONXv8nfuWH_clEbftK2ABg&gpic=UID%3D00000d629e319345%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_Mb84M9C0355aYoUlEaCuvFKlCte4w&eo_id_str=ID%3D8d98e3ca4b541b0f%3AT%3D1708929862%3ART%3D1708929862%3AS%3DAA-AfjZhv8zN8zBnCX_swRpat61C&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=343

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

4ca0b53e9b099b2354ca25da254253de262c4d7baf328cf6b2ca43119012bbce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:25 GMT
expires: Mon, 26 Feb 2024 06:44:25 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B73F 436 B
238 B 504ms
504ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1708929864&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708929864296&bpp=1&bdt=3198&idt=-M&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D4669ee67819949ba%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_MbNE6YhONXv8nfuWH_clEbftK2ABg&gpic=UID%3D00000d629e319345%3AT%3D1708929862%3ART%3D1708929862%3AS%3DALNI_Mb84M9C0355aYoUlEaCuvFKlCte4w&eo_id_str=ID%3D8d98e3ca4b541b0f%3AT%3D1708929862%3ART%3D1708929862%3AS%3DAA-AfjZhv8zN8zBnCX_swRpat61C&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=6754568027779&frm=20&pv=1&ga_vid=1807250169.1708929862&ga_sid=1708929863&ga_hid=688351522&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31081318%2C44795922%2C95325066%2C95320870%2C95321867%2C95324155%2C95324161&oid=2&pvsid=1858344323566930&tmod=1612444663&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=347

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

57b13aaf42808d7bc7aab013942cb88ef8b3be55aa8a16dccc562f074c63209b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:25 GMT
expires: Mon, 26 Feb 2024 06:44:25 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/ Frame 5554 9 KB
4 KB 121ms
121ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 42875
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 25 Feb 2024 18:49:49 GMT
etag: 3890843268177463596
expires: Sun, 10 Mar 2024 18:49:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/ Frame 1C4D 9 KB
4 KB 121ms
121ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 42875
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 25 Feb 2024 18:49:49 GMT
etag: 3890843268177463596
expires: Sun, 10 Mar 2024 18:49:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxXvyXws_V8-DaO0Uj1a0dylkXDJjE4rqGPg2Kf3PR7mDXm4-IFoZLICClI_3mMBSzQKdcHswO7AATMz62LGW4uNo4u0PELSOUpSHgeCI9A6FfWTVVGUqs3P-h3U0irPJXu4Tn_8qw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 152ms
151ms Script
application/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXvyXws_V8-DaO0Uj1a0dylkXDJjE4rqGPg2Kf3PR7mDXm4-IFoZLICClI_3mMBSzQKdcHswO7AATMz62LGW4uNo4u0PELSOUpSHgeCI9A6FfWTVVGUqs3P-h3U0irPJXu4Tn_8qw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4OTI5ODY0LDY4OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsIjZUR0xJVEhmVzZjIl0sWzksIml3Il0sWzE4LCJbW1swXV1dIl0sWzIwLCJbbnVsbCxudWxsLFs5NTMyNTk5MV0sMywxN10iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.iw.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMykZquKmiiKBMk8M3PisFyzoVKIYg/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

e8af1bbffa09030cadeec9e43e8e6d60cc377c6a9a70841106902815802d036a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-huZ6YxEceq571plA-ye1Aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:24 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-huZ6YxEceq571plA-ye1Aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJi8NKQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZOL5-pJJAog1gPid5Cumb0C8w8eDhW_ddFYVINZdP501FIhjnk9nTQHixawzWFcDsVP6DNYgIP6cOYP1NxD71M9gjQFiIR6OE88-rGMTuNE_7QsTAIAcQK4"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 154ms
154ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240221&jk=1858344323566930&bg=!U1ClUB_NAAZ3BdUuVwU7ADQBe5WfOATZwhygUfjI9byW4h9kSvT_jg40-mo7hH8tl1RQ7TTU-4Tf9QSr78t8C0GbHJ9jAgAAANVSAAAAAmgBB5kCx7MQ9ZXtKRMHmUj7GMxedWABd8R9LH7Z3Hu3k6UwPMyfPkBV9vEsvhweIyPg6mm3kk6ZU3AvQsQYJkH3NWaEiJKHnqoFtz-pFQxKquying8sNd7_YxfSQpACICiWxtZEufzJ61mEdr119YRi5odwivfrb_anNqAeGSEeVA8EurLEiCaQIQV7I44xBCa4rR6imnptdLHSu8C6hn1k9SvatNxvVdkaILvmzTwrZ3uUVjVczSk3LIYScPZoiMKxtoyA-2NkU5pKByh4wzgLGZnWAOmRt5VoZxfU84RmN9SEZ8TfYgTe3BKBpQ4QCjo_C5skkNvlBPj-aCMsw9jxlYzzViB293KfCWYVA5zwOcOzrJhri_IpNhFdzrTHGMsFM-OqrysrcvAjZDP1JuPTq8YjV_jK6I8SHhcQfzJgOeqP1S8rFUy1mUHdhZzMT6sFwVC9PCp7od5UG2T-9JwCnc59m9jRGf9_g-aqkLhrEAPAEBLBRC3L8iwpFnrezZFh5qXK1iBgD6BSCZd6SwAaGXa5lgyvYPP9KX2oNXNWYV8O5M3Q6gPx1DDw8id6U3gXxA8q7NvO1rpJ5WmuOxcuU_Xzyw_Q5p3A_L5EfM5tpXOie7xMbel35thKhePc9-P2Nzw-pxymHenI39mUUIJnChnvpHoJOYIapHGT0Mx5AlAWnX-Q-dFRBfnnZpZenFgY8ly4SO428CmSD_PiWkYV5eqUWi641O-Jl-NIisYpIa7gKFVV1CYLmQO8D3NWU0Alhf0ZABFfXMqNHwzJJHJ3tpxfu2FfJdDyTjMh6IhHxwiOMwAt8WioEGBLFYLBXqVvhrLRg5KxlmLYUHenAQxh8fqNn1HE8gHx_1rWRPKutHpXFrD2qQxHNxU2VFLQLz93rHVC607Qcd0N8kpxucja-Zsh-ldnsYONQOllYwLZYBs7lcVXy25E-kVo6Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 css2
fonts.googleapis.com/ Frame 5554 5 KB
1 KB 395ms
131ms Stylesheet
text/css 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f10.1e100.net

Software

ESF /

Resource Hash

47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Feb 2024 06:44:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 26 Feb 2024 06:17:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Feb 2024 06:44:25 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 5554 205 B
651 B 388ms
121ms Image
image/png 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 07:46:35 GMT
x-content-type-options: nosniff
age: 428270
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 20 Feb 2025 07:46:35 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 5554 604 B
695 B 388ms
122ms Image
image/png 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 11:33:32 GMT
x-content-type-options: nosniff
age: 69053
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 24 Feb 2025 11:33:32 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/elements/html/ Frame 5554 15 KB
6 KB 126ms
124ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

4b61d8691097f35768bf7d91d6cd291fcfb2bb2cb5334ae145faf11e652e0ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 23:45:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25147
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6496
x-xss-protection: 0
server: cafe
etag: 2240975554753911238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 23:45:17 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/elements/html/ Frame 5554 22 KB
9 KB 126ms
125ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

ce8c05a7248a3803ffc6d3a871f42b125e2358c700a59e082501d81d5c94400b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 23:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27051
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9139
x-xss-protection: 0
server: cafe
etag: 14231659491099539135
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 23:13:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3C1E 624 B
246 B 161ms
160ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJbVNhCM9_uZAxjJoviIAjAB&v=APEucNVYrlFXhEF6W_BiA9C0Gr71rzl3Lbd5GNWlOzOpI1pPt912AMd1ApcKf-PaWwC2JaeQf9b3vQl1U4ci8JER18kJKJ_DpQ

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 06:44:24 GMT
expires: Mon, 26 Feb 2024 06:44:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6907 93 KB
33 KB 159ms
158ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 06:44:24 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 6907 3 KB
1 KB 127ms
124ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 05:12:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Mar 2024 05:12:09 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 6907 20 KB
8 KB 131ms
128ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

e7afde571c53d192943a40b3b7f109e698bb47e6d6424bc7d1f53a7cb9466360

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 23:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27594
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8211
x-xss-protection: 0
server: cafe
etag: 3968847549730513390
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 23:04:30 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6907 204 KB
61 KB 123ms
121ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

1be58ac66106f8f26b344b506dbca6968b96606a5bb9f89dac5678dfaf9522ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:11:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1970
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62895
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 07:11:34 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6907 42 B
63 B 153ms
152ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BldGz81iZpjjxhoDoDsvopVNWTaO4Rb8cgusmMV0_QO-ptBxUV2q6iXvU9xjEQ-PRlwcwG0O0YCz8vRUXw8M_nKXKWh-aCBtv6n6a2xntkllJXrW4

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 06:44:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxVz0VI-lyOBzTcqHYA-vPA7fc8tlGvXQeqnYfR7dmuYcfENp-B56ZU4r9LbYTbAii5S9DoJTt0WJaiE2Z7bnSx7fMlhZZxgFm7Ly4IBRVdIVak13XPJF6M7r2uQdDJ6iI59uaRHYA== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 162ms
161ms Script
application/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVz0VI-lyOBzTcqHYA-vPA7fc8tlGvXQeqnYfR7dmuYcfENp-B56ZU4r9LbYTbAii5S9DoJTt0WJaiE2Z7bnSx7fMlhZZxgFm7Ly4IBRVdIVak13XPJF6M7r2uQdDJ6iI59uaRHYA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4OTI5ODY0LDg3NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmJhYnVwLmNvbS8iLG51bGwsW1s4LCI2VEdMSVRIZlc2YyJdLFs5LCJpdyJdLFsxOCwiW1tbMF1dXSJdLFsyMCwiW251bGwsbnVsbCxbOTUzMjU5OTFdLDMsMTddIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

7a1080061a1f9f5311328cf241f741be103f8bf8dba5215e9c841944e4de052a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ebbhkEODx5Qkplja9Jh_cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:24 GMT
content-security-policy: script-src 'report-sample' 'nonce-ebbhkEODx5Qkplja9Jh_cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4KwhxXDi1m2mC0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgZvzzgokTiN99ecnE8_UlkwQQawDxO8lXTN-AeIePBwvfuumsKkCsu346aygQxzyfzpoCxItZZ7CuBmKn9BmsQUD8OXMG628g9qmfwRoDxEI8HCeefVjHJnCj5cJFZgCDOEXC"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET

rum
dsum-sec.casalemedia.com/ Frame 3C1E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN-KG2X3uObyp6ggOPh9-Ww&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN-KG2X3uObyp6ggOPh9-Ww&google_cver=1&C=1

0
0

GET

rrum
dsum-sec.casalemedia.com/ Frame 3C1E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1

0
0

GET

bounce
ib.adnxs.com/ Frame 3C1E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENsutX4LFGtxJ_sKEM9KQvI&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENsutX4LFGtxJ_sKEM9KQvI%26google_cver%3D1

0
0

GET

bounce
ib.adnxs.com/ Frame 3C1E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

0
0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6907 0
20 B 152ms
152ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3356037123609&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 06:44:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6907 0
20 B 151ms
151ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3356037123609&version=m202401290101&ct=77&x=1&cor=2090697757664446500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 06:44:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6907 34 KB
20 KB 165ms
165ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CynbtRpcQa2sKWuznrwvBhwzM6FuKREQVaPlhSLTQekq3f29jwYNVCuEa3q4HFVuEcBJHTzYd_jDMlY8zBpnAiwxlRTre7De6wBBT68Jw0_2TH7vtEXKr2cBgfB9u2MKKJc-gdFPO6ZHs-oorRGshMETLl__HAnaW2Y_MxALjWe42MiwZXRCUjaJFxyz4AMRzwoqGQ5F0H4C6ADXdHr_Qve2EV5Q&cry=1&dbm_d=AKAmf-CBDK_5LM_641TFnFNaSU1nafu6mDhRJpV5K3GMtJiifdmEKJ1NSa94FeRZmqx_7TYTny2nQ7_uzhRsCrrfyKi-SdhHsHP7jKnl7m2p1Yn-bgSUj9nGcSFg13HXZq97-4PhZ0Z7z9z2UVcJjy6OikfdiUAhhTQ5BK3AIjflvlgpNs03YveFSBuCzgONtEwMY5H1NX0dDYuh2h4FFbAuiXakMOuM5F0jpE-YMRQggW7cXow7tXfKdMP10zPBKLbVjbM8DpIY4xMRRONqJ5QMLiPvwKdBc0zgoeFu_MHAzoi6YP4uUA3SzvUpH0wNRgoOVbOv1Dchidr4NGzKA7j1pWc8ALk387upcXA34gsDqOgWP2GFYxw0Um6wmfLgfuetLFjTsazQvPEix7Y5FCCVqgFBpp16Ov2ON2IGLv-cbIJzLN9HoTZEw0WjMhi9HuATGQKgsST0ujtI8tXIEHG6MirsnwxvClpoAIdq6uS4UddvwbaP25z3fCqUL3INoEy_xuYeaqlz6pRE-v9flhvNub5W8hpAv25v2UWTo4ffMWHjUmyMKM1hzOs9hfhYMtczvot8PyfQDKROaElJTF5zagnHxGPW_KFKlLMcTPaA7pK8HZokjrZ8ScroZSbGanCd4QUbq8YxVpAYdyyQHL_gSKmBk7NNx1zS6UGxXGiXGBE32QtCOnU2CnyTSRJxRAvRLTLLyuASg9cEYBVGo2EAxoKt77zR_kjCsyU0iX4y-jD2qWjfPCxTs8hooIo0E6xzki3llemIKjKWCNsGLHyP1-3GKefysaSHRSxhSRWF4XXzISfCJRJcGMplK-LAQGcie-m3AhdbZOrrOyKAwL-N8YNtAwKoh31lSUcl3RwE-6rGeIUEdSFWdIK9FojNwOVj8mFWcsRrPeu35V4K7El6v-8xNl-wALEvnNyhFglbOwC4rsgWcZA0qPVJiLYyxFN-Nwq4DWoQkMLuFY9Zy6Pd0dp3kXQmAwDnJDOVXTeBb9naYe0O-imDbLJjGVnqVa42-dpqxv0t1kf3RogSRTCvFH5dHXtmwrqLf0Itsxh0ia2zDCrIh4799s8QvzZ15Piyip-h4NWxOVt1eYsRtsD7mhnkCmD2QTnft-4LLuv3NzIbdNga-DT3mljZBIs1y77XL8pim6ydz0Yn3ZA7Y8IYbZ54iQfeN4RP345zCgQQrL-acqdl4xAMkddko_mJZC48t8gPkk76obfYxb0u2Nada_UVIuA82KKOAxGsUMjmsQdGUvry8JFi5B8KBzm8n188Wn5XV9Vac9NWaphdVP_LI1F__VvvFwFecumFRofsTXYaofBerwdBQHTOzklZXTHAB5N-KgIkZXKpSvabgk-GHtaSgHW64iNYpqBDzmdgfZ91t1rZpx-qqtU3tihfbawxHMbjhLDMTq86cIobB0dGdnFxjodeP6Obz8nkXuYVEGWo08-Ylg7J6OH11mSn3v73ed26ZrHCcXtipLiEOi5C1UoSkd2tM1HCuvNRqNHAb_TQ-zxi8ZVmj11G9mO6SsGYEX5DVhlihANPeubmgiD36zeEZbVOu19z-B4PCakD9DasdVtqlLG7LVXNNjlekz_qxS0pCimW9XYp-W9rW-PVvtGm7-o3aQYS2cQ8RfnAW8I5TFAT5oekmO03Tj7pMeFjQ8cQKPiihkBMI06DUZLJeh_B9-RrkYoq3Ugd6gRNJQ9V9LuYyrTlvs0O8dKUkoDK0dQA355pPaxFpkHJN-mAiIJKz187dZzjn7-imovny5GaEfRbvy-UrRsjmmw8Kyx7wJ2VbApKfT6LH1mQy9JqeFLpRwS6ctHEWpnU2BzKtsl8P4_RDbWATVuVibQ5RN_Ybt6-M1ItCb6j_f1Gr74-rTM8fAM8rfIXQobmQpPDzaRFLzxchhz-j8OvJUET1diapfWu5-V5_TZ2NbRzH4hAx7Usu9lqsCchrAF4RM59mHWQAfSJG0yfoHWAMM8JKy6tFMUcPwhoyE-odkxnRyhaObWTtnTsscSF3GrtZgHEtQ-f3Tjr0uJkC7ocGG091BoEhUGnNnRkaAEXwo9RRrvn5m8-FgnJjlDzFH7JOHh7_j_X1N5iB7eUEWcIUB-e1UPbXrZNHijqvzkp8AdPe3NGC6yJoaMZi-0rpxjStVoBazZFNzTiQlg4lbKJIawnzKF5kT_erGPAWAX66ssPmgkhGdCKe6mauvs3TkdEjpen9-4CE-EiW5zuiQfMzba3FhYzcAfbE2RN8OHMEY7DNuffDNaOlPBSV_3if68dLtRd9hRmX8dzPDKdK-txCGC9V9htN0KeeCUcmfOwRSIw5vyBbzFOhSs8YmUlzMRd74H1qLVgXNmYkO4QcsRY0ZVG8xU1AGc953hToWwb7tVvNTqexjJAKYs7fiRb-X4T2Ntbb_3LDBsuhiNu9HCJPdBaT_N6oe9bwEy2QLES0dHE9BrDsoQZr5-yyiOI_kyzBHiM4W12YAnSQ_wadyHSWbJSQhR7Dj36QVO4wqGNuPkesSAHyBEyW-3f_voX8JGQhM6EwEwexbrX-w8SeYaMRu28n6GvpFf4Mrh6PIQy_9wZ7XXng21CYvEwex8PIapR60iLkvaFeFL8HIAJGyLrTp72R5eT8H0KloDI-t102p_l1ZX-LjcjQXSTPgcLlKa8LYlw3KM17_Sl9E47f7ePRx1Mr5iGOcnh_duZpIL4HM-RCo2bx-BwCeATweFwB7ZsStzTiI-Rln2KnCrM79U32_xE0Aes-iFx_UYPqdgptoyr2-EK0sD8aHO1Z1mNySWYsQdq6ZM2ZAa0iF1IJYVBfNnzvz3CH_IP0iJZRVrKoaUiKROHstLgm3vydea_hAc7P87QScUo3V8Ei50noKalVrfCZinZ02kzdtKF6smAB4RZH0wdh92DrGdLXNDzsJ38vkVbdWIrOyXNYwTDRi5-HWxBRTCrSDyaQCqghw5S2wZHm1ojt40tOJ32WZAKCPIkscKrMsO9H7EHrB170ioTf6omFgmPLER0VmhTQcSrU0HLmC3sXFdNRG1wFk24W3p8noH9FF1wOqFh-A27nxBdH9eNc4GPRZfBdHJnqzEY3v6exQBtqQCu0G1YheZH3XliGcRohWEoc-BVC8qG4NEyqXphZsQknckhhPp_bDcx5IzdLi1P2sazSCzg12kbEWfJaabFhGrOE0QqQzz3_1I2ijX3c57zWdKXVw9sAkfWgQr-a4YfYzra4CtIwNm_w-6Ew6oDlVemKBFeDH_g9ZIodNfXGfFF5IsuvQafo_Bm-sxHd1BT86ymnZXrc6iJ8thzJ3UGOW1MuG-8Jns-OKL0ho3OLsgPYUW57SftsTEGG2W0-43TJcxZy36WHEo8C9mNp6OpzpGWFJclsutvjYhBzy1JgQ4KxpD9ZrdR8-jWGz1TSqEb0FjmDg1YVyrD1suNdlAb_Vz82-VPGa6smj5ZcS5ao-ZGSi5bfmYsY3cEBNKgt1SPloGDd-EaPDIZJToeoLuJCZk5o24zy_xnboH_L3V2A7c50QkgNCiZtJ1A86s3rsUOZI1fcVoM8GpFCnZAf1k50nt3yl6ll9q26DMkY4Nkvn1XYs90prwgJH77DFUj43Ju4t_1n83W27t7vhOQ5_EH4bL0FhuAdBOkHkoG69U1WJAPAAIcVpJtMgpWfMRn4KZ-6CmPlKSo5WUkhSmTH2BTEHj-8gfvFlTpdnMSHdXtzgK0ZnPUS8A5WjcECWomGDonAPm-8IG1cXR8IJsZmiz2N82Bw6MeRBjb8NGV11gcZGt6GNDXe3R-_w5erLcHdRDDr3dbm6QHk8qGRYFPxgWg7goZ9sxDisDQejvs-gHQFJKoQIBQAZD4M-zL3sj0Gv1fvM30FcF9xsp8gyB35Ww0fe-MpyAgPfBSDJMtyaIzzr4zdSvPF7t0-pVijF11717SxE1tuqKW0hhV_3P4DFnNwOIAAGcjKtFr0J9Zm1m_2IUqWGfHFzBPmPpFmn0nU8ZWoD6Dn2FgCr0DiPP6HiZwE0yMBFnky7NTt3X2j4TwUDGNeskuQEGP1G3tDSQgRLawhmNfw7VswEZXgkvz-ej23vFi_kyWOfWPRtGtacgUYvq2jXQ1nfq5z5NBa0sAvqxatVieazsE4hWG5wy8qgek_DfCyifHvD8JFNl_l9BEC0ZlD2BTb6KL8SyViFdv59CBbDwoXqL3vVG_SVChcNiGCalhZvMizZFCafpdfwUXJ7w2v1h5TeHTPNRnZgIbio-FklFJanBTKNSXVWQXBRFSwdw2mEMLx5OWn1MOwRLnjwFm2fCfCOa1sQ8oJKraKyCoOL2iEM5qhQ&cid=CAQSTwB7FLtqW-ELCeD6EqU0RQMoMLRtoZEc2qS2enSwOJ_qQ3SIDB-GHS1vuJa_DLJQJGLRBTkOiTvEe1SKWDuuy06_Ub-fr-Mp7ht2zGAvCVsYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=2090697757664446500&adk=1935140219&idt=177&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ae9fe3f0b29e4214d504921908763cd7934224b5368748b714404f9e738a228f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 06:44:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19991
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 1930 2 KB
822 B 125ms
124ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 14:49:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57310
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 14:49:15 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/ Frame 1930 23 KB
9 KB 126ms
123ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

ec1d799ea15ca9389d9dcd1f5d5c9698d612204464a24020099137878484a168

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 05:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5535
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8988
x-xss-protection: 0
server: cafe
etag: 12564770436581814922
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Mar 2024 05:12:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 1930 3 KB
1 KB 130ms
126ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 05:12:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5536
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Mar 2024 05:12:09 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 1930 20 KB
8 KB 128ms
126ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

cafe /

Resource Hash

e7afde571c53d192943a40b3b7f109e698bb47e6d6424bc7d1f53a7cb9466360

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 23:04:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27595
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8211
x-xss-protection: 0
server: cafe
etag: 3968847549730513390
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 23:04:30 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1930 204 KB
61 KB 125ms
123ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

1be58ac66106f8f26b344b506dbca6968b96606a5bb9f89dac5678dfaf9522ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:11:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1971
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62895
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 07:11:34 GMT

GET
H2 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame 1930 36 KB
15 KB 124ms
122ms Script
text/javascript 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 07:39:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 428689
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 19:17:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 21 May 2024 07:39:36 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240221/r20110914/ Frame 6907 30 KB
11 KB 135ms
135ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240221/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CynbtRpcQa2sKWuznrwvBhwzM6FuKREQVaPlhSLTQekq3f29jwYNVCuEa3q4HFVuEcBJHTzYd_jDMlY8zBpnAiwxlRTre7De6wBBT68Jw0_2TH7vtEXKr2cBgfB9u2MKKJc-gdFPO6ZHs-oorRGshMETLl__HAnaW2Y_MxALjWe42MiwZXRCUjaJFxyz4AMRzwoqGQ5F0H4C6ADXdHr_Qve2EV5Q&cry=1&dbm_d=AKAmf-CBDK_5LM_641TFnFNaSU1nafu6mDhRJpV5K3GMtJiifdmEKJ1NSa94FeRZmqx_7TYTny2nQ7_uzhRsCrrfyKi-SdhHsHP7jKnl7m2p1Yn-bgSUj9nGcSFg13HXZq97-4PhZ0Z7z9z2UVcJjy6OikfdiUAhhTQ5BK3AIjflvlgpNs03YveFSBuCzgONtEwMY5H1NX0dDYuh2h4FFbAuiXakMOuM5F0jpE-YMRQggW7cXow7tXfKdMP10zPBKLbVjbM8DpIY4xMRRONqJ5QMLiPvwKdBc0zgoeFu_MHAzoi6YP4uUA3SzvUpH0wNRgoOVbOv1Dchidr4NGzKA7j1pWc8ALk387upcXA34gsDqOgWP2GFYxw0Um6wmfLgfuetLFjTsazQvPEix7Y5FCCVqgFBpp16Ov2ON2IGLv-cbIJzLN9HoTZEw0WjMhi9HuATGQKgsST0ujtI8tXIEHG6MirsnwxvClpoAIdq6uS4UddvwbaP25z3fCqUL3INoEy_xuYeaqlz6pRE-v9flhvNub5W8hpAv25v2UWTo4ffMWHjUmyMKM1hzOs9hfhYMtczvot8PyfQDKROaElJTF5zagnHxGPW_KFKlLMcTPaA7pK8HZokjrZ8ScroZSbGanCd4QUbq8YxVpAYdyyQHL_gSKmBk7NNx1zS6UGxXGiXGBE32QtCOnU2CnyTSRJxRAvRLTLLyuASg9cEYBVGo2EAxoKt77zR_kjCsyU0iX4y-jD2qWjfPCxTs8hooIo0E6xzki3llemIKjKWCNsGLHyP1-3GKefysaSHRSxhSRWF4XXzISfCJRJcGMplK-LAQGcie-m3AhdbZOrrOyKAwL-N8YNtAwKoh31lSUcl3RwE-6rGeIUEdSFWdIK9FojNwOVj8mFWcsRrPeu35V4K7El6v-8xNl-wALEvnNyhFglbOwC4rsgWcZA0qPVJiLYyxFN-Nwq4DWoQkMLuFY9Zy6Pd0dp3kXQmAwDnJDOVXTeBb9naYe0O-imDbLJjGVnqVa42-dpqxv0t1kf3RogSRTCvFH5dHXtmwrqLf0Itsxh0ia2zDCrIh4799s8QvzZ15Piyip-h4NWxOVt1eYsRtsD7mhnkCmD2QTnft-4LLuv3NzIbdNga-DT3mljZBIs1y77XL8pim6ydz0Yn3ZA7Y8IYbZ54iQfeN4RP345zCgQQrL-acqdl4xAMkddko_mJZC48t8gPkk76obfYxb0u2Nada_UVIuA82KKOAxGsUMjmsQdGUvry8JFi5B8KBzm8n188Wn5XV9Vac9NWaphdVP_LI1F__VvvFwFecumFRofsTXYaofBerwdBQHTOzklZXTHAB5N-KgIkZXKpSvabgk-GHtaSgHW64iNYpqBDzmdgfZ91t1rZpx-qqtU3tihfbawxHMbjhLDMTq86cIobB0dGdnFxjodeP6Obz8nkXuYVEGWo08-Ylg7J6OH11mSn3v73ed26ZrHCcXtipLiEOi5C1UoSkd2tM1HCuvNRqNHAb_TQ-zxi8ZVmj11G9mO6SsGYEX5DVhlihANPeubmgiD36zeEZbVOu19z-B4PCakD9DasdVtqlLG7LVXNNjlekz_qxS0pCimW9XYp-W9rW-PVvtGm7-o3aQYS2cQ8RfnAW8I5TFAT5oekmO03Tj7pMeFjQ8cQKPiihkBMI06DUZLJeh_B9-RrkYoq3Ugd6gRNJQ9V9LuYyrTlvs0O8dKUkoDK0dQA355pPaxFpkHJN-mAiIJKz187dZzjn7-imovny5GaEfRbvy-UrRsjmmw8Kyx7wJ2VbApKfT6LH1mQy9JqeFLpRwS6ctHEWpnU2BzKtsl8P4_RDbWATVuVibQ5RN_Ybt6-M1ItCb6j_f1Gr74-rTM8fAM8rfIXQobmQpPDzaRFLzxchhz-j8OvJUET1diapfWu5-V5_TZ2NbRzH4hAx7Usu9lqsCchrAF4RM59mHWQAfSJG0yfoHWAMM8JKy6tFMUcPwhoyE-odkxnRyhaObWTtnTsscSF3GrtZgHEtQ-f3Tjr0uJkC7ocGG091BoEhUGnNnRkaAEXwo9RRrvn5m8-FgnJjlDzFH7JOHh7_j_X1N5iB7eUEWcIUB-e1UPbXrZNHijqvzkp8AdPe3NGC6yJoaMZi-0rpxjStVoBazZFNzTiQlg4lbKJIawnzKF5kT_erGPAWAX66ssPmgkhGdCKe6mauvs3TkdEjpen9-4CE-EiW5zuiQfMzba3FhYzcAfbE2RN8OHMEY7DNuffDNaOlPBSV_3if68dLtRd9hRmX8dzPDKdK-txCGC9V9htN0KeeCUcmfOwRSIw5vyBbzFOhSs8YmUlzMRd74H1qLVgXNmYkO4QcsRY0ZVG8xU1AGc953hToWwb7tVvNTqexjJAKYs7fiRb-X4T2Ntbb_3LDBsuhiNu9HCJPdBaT_N6oe9bwEy2QLES0dHE9BrDsoQZr5-yyiOI_kyzBHiM4W12YAnSQ_wadyHSWbJSQhR7Dj36QVO4wqGNuPkesSAHyBEyW-3f_voX8JGQhM6EwEwexbrX-w8SeYaMRu28n6GvpFf4Mrh6PIQy_9wZ7XXng21CYvEwex8PIapR60iLkvaFeFL8HIAJGyLrTp72R5eT8H0KloDI-t102p_l1ZX-LjcjQXSTPgcLlKa8LYlw3KM17_Sl9E47f7ePRx1Mr5iGOcnh_duZpIL4HM-RCo2bx-BwCeATweFwB7ZsStzTiI-Rln2KnCrM79U32_xE0Aes-iFx_UYPqdgptoyr2-EK0sD8aHO1Z1mNySWYsQdq6ZM2ZAa0iF1IJYVBfNnzvz3CH_IP0iJZRVrKoaUiKROHstLgm3vydea_hAc7P87QScUo3V8Ei50noKalVrfCZinZ02kzdtKF6smAB4RZH0wdh92DrGdLXNDzsJ38vkVbdWIrOyXNYwTDRi5-HWxBRTCrSDyaQCqghw5S2wZHm1ojt40tOJ32WZAKCPIkscKrMsO9H7EHrB170ioTf6omFgmPLER0VmhTQcSrU0HLmC3sXFdNRG1wFk24W3p8noH9FF1wOqFh-A27nxBdH9eNc4GPRZfBdHJnqzEY3v6exQBtqQCu0G1YheZH3XliGcRohWEoc-BVC8qG4NEyqXphZsQknckhhPp_bDcx5IzdLi1P2sazSCzg12kbEWfJaabFhGrOE0QqQzz3_1I2ijX3c57zWdKXVw9sAkfWgQr-a4YfYzra4CtIwNm_w-6Ew6oDlVemKBFeDH_g9ZIodNfXGfFF5IsuvQafo_Bm-sxHd1BT86ymnZXrc6iJ8thzJ3UGOW1MuG-8Jns-OKL0ho3OLsgPYUW57SftsTEGG2W0-43TJcxZy36WHEo8C9mNp6OpzpGWFJclsutvjYhBzy1JgQ4KxpD9ZrdR8-jWGz1TSqEb0FjmDg1YVyrD1suNdlAb_Vz82-VPGa6smj5ZcS5ao-ZGSi5bfmYsY3cEBNKgt1SPloGDd-EaPDIZJToeoLuJCZk5o24zy_xnboH_L3V2A7c50QkgNCiZtJ1A86s3rsUOZI1fcVoM8GpFCnZAf1k50nt3yl6ll9q26DMkY4Nkvn1XYs90prwgJH77DFUj43Ju4t_1n83W27t7vhOQ5_EH4bL0FhuAdBOkHkoG69U1WJAPAAIcVpJtMgpWfMRn4KZ-6CmPlKSo5WUkhSmTH2BTEHj-8gfvFlTpdnMSHdXtzgK0ZnPUS8A5WjcECWomGDonAPm-8IG1cXR8IJsZmiz2N82Bw6MeRBjb8NGV11gcZGt6GNDXe3R-_w5erLcHdRDDr3dbm6QHk8qGRYFPxgWg7goZ9sxDisDQejvs-gHQFJKoQIBQAZD4M-zL3sj0Gv1fvM30FcF9xsp8gyB35Ww0fe-MpyAgPfBSDJMtyaIzzr4zdSvPF7t0-pVijF11717SxE1tuqKW0hhV_3P4DFnNwOIAAGcjKtFr0J9Zm1m_2IUqWGfHFzBPmPpFmn0nU8ZWoD6Dn2FgCr0DiPP6HiZwE0yMBFnky7NTt3X2j4TwUDGNeskuQEGP1G3tDSQgRLawhmNfw7VswEZXgkvz-ej23vFi_kyWOfWPRtGtacgUYvq2jXQ1nfq5z5NBa0sAvqxatVieazsE4hWG5wy8qgek_DfCyifHvD8JFNl_l9BEC0ZlD2BTb6KL8SyViFdv59CBbDwoXqL3vVG_SVChcNiGCalhZvMizZFCafpdfwUXJ7w2v1h5TeHTPNRnZgIbio-FklFJanBTKNSXVWQXBRFSwdw2mEMLx5OWn1MOwRLnjwFm2fCfCOa1sQ8oJKraKyCoOL2iEM5qhQ&cid=CAQSTwB7FLtqW-ELCeD6EqU0RQMoMLRtoZEc2qS2enSwOJ_qQ3SIDB-GHS1vuJa_DLJQJGLRBTkOiTvEe1SKWDuuy06_Ub-fr-Mp7ht2zGAvCVsYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=2090697757664446500&adk=1935140219&idt=177&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

1f43ea6cbbf261394f83dc2f3425942bf6ddf498490f6cecfbf38739c1ff8b71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Feb 2024 23:14:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26993
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11549
x-xss-protection: 0
server: cafe
etag: 13750958460409166979
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Mar 2024 23:14:32 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 6907 41 KB
14 KB 135ms
134ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 07:47:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 428193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Feb 2025 07:47:52 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwODkyOTg2NTE0MTY5MAogIHNlcnZlcl9pcDogMTM1Mzk2NjYwCiAgcHJvY2Vzc19pZDogMzk3NjIxNTkwMAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA4NDgwODA2...
ad.doubleclick.net/ddm/activity/ Frame 6907 0
838 B 431ms
160ms Image
image/png 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwODkyOTg2NTE0MTY5MAogIHNlcnZlcl9pcDogMTM1Mzk2NjYwCiAgcHJvY2Vzc19pZDogMzk3NjIxNTkwMAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA4NDgwODA2CmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9jYXJyZWZvdXIuZnIiCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMwpldmVudF9pbXByZXNzaW9uX2lkOiAxMTAzOTg4MzY5MTYyMjE2MzkwMQpkZWJ1Z19rZXk6IDE2MTYyNzkyOTAyNzAwODIyNjkzCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0wMi0yNiIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg0ODA4MDYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzODg5NzM4MzAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg1OTc2NTY0NAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyMTA0OTkyMDEzNgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDU1NTYxODYzMwogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9jYXJyZWZvdXIuZnIiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kZWJ1Z2NvbnZlcnNpb25kb21haW4xLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjIuY29tIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzU0OTc0NzIwCmRtYV9wcm9kdWN0X2lkOiAxMjI3MTU4MzcK

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 06:44:25 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xb6ad7352d7d853450000000000000000","13":"0xe48d5e264691fcdd0000000000000000","14":"0x72e8de5d8464f1950000000000000000","15":"0x5753743812ea76ab0000000000000000"},"debug_key":"16162792902700822693","debug_reporting":true,"destination":"https://carrefour.fr","expiry":"259200","filter_data":{"14":[],"21":[],"8":["8480806"]},"priority":"0","source_event_id":"11039883691622163901"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 customcarrefournewproductop_728x90.html Show response
cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/html/ Frame 6907 8 KB
8 KB 238ms
91ms XHR
text/html 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/html/customcarrefournewproductop_728x90.html
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d3011865546855138e9f2af962a84946df7c91973c1bd754dea902f7e087a07

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
cf-cache-status: HIT
x-amz-request-id: JVJYES30ZTGQHFBT
age: 118
alt-svc: h3=":443"; ma=86400
content-length: 8038
x-amz-id-2: KsMqnY/zEqNcjgW78gmdfN3TmeOqYl00z+TpWwSrU1iUvNMi4tYwRjBSsjg1jAYhtN+BOd32o9I=
last-modified: Thu, 22 Feb 2024 18:59:29 GMT
server: cloudflare
etag: "867ac475068a94c9217a16888db4fffe"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 85b6382b08f7e3e7-TLV
expires: Mon, 04 Mar 2024 06:44:25 GMT

GET
DATA 200
OK truncated
/ Frame 6907 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 822e8586736bee1e1f96c4de5354844f3036640b759abb15f2aa680aba238704

Request headers

accept-language: he-IL,he;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET 62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 4986 0
0

GET
H3 200 JdvibbZ7pdYNP3x_edcq2fSBaypuhp11EZJydPE6SQs.js Show response
pagead2.googlesyndication.com/bg/ Frame A71F 50 KB
19 KB 122ms
121ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JdvibbZ7pdYNP3x_edcq2fSBaypuhp11EZJydPE6SQs.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/qrzlhnflyury

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

25dbe26db67ba5d60d3f7c7f79d72ad9f4816b2a6e869d7511927274f13a490b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 14:20:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 491054
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19629
x-xss-protection: 0
last-modified: Mon, 19 Feb 2024 17:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 19 Feb 2025 14:20:11 GMT

GET
H3 200 styles_customcarrefournewproductop_728x90.css
cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/css/ Frame 6907 3 KB
3 KB 253ms
171ms Stylesheet
text/css 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/css/styles_customcarrefournewproductop_728x90.css
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdb783763f9971b89d89d8cc555b05ff08d9b75551ab6b301ff6dffa7e1faeb4

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
cf-cache-status: HIT
x-amz-request-id: JVJSH65RSMBZ8QXF
age: 119
cf-polished: origSize=5057
alt-svc: h3=":443"; ma=86400
content-length: 3053
x-amz-id-2: Q2fW18lPtotHguFE6OaecVXt7Jr8ESMbg/Du9qieVzKza25oeID4qibAaPCF6zIdaOXSAYy/Llg=
cf-bgj: minify
last-modified: Thu, 22 Feb 2024 18:59:29 GMT
server: cloudflare
etag: "0894bf0e68aef53f079958d91f1dbde5"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382c2d4fe3db-TLV
expires: Tue, 05 Mar 2024 06:44:25 GMT

GET
H2 200 splide-core.min.css
cdn.jsdelivr.net/npm/@splidejs/splide@4.0.7/dist/css/ Frame 6907 2 KB
1 KB 254ms
90ms Stylesheet
text/css 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@splidejs/splide@4.0.7/dist/css/splide-core.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2049727040f23541feb3f5391225d23508f8a7bf29983fbc6c5c52890bcbd4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1648128
x-jsd-version: 4.0.7
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-etou8220113-FRA, cache-lga21955-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"806-A4RAGdKkYSKZ3TsvBjtypSkaSDk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpUO%2By7iRC0bVf8Rac6h6b9Bmv4BEorguRX0gD8dn6qCs5Ynr0AkhyiHQSbfC%2FKjdtcu3ljA4RmRIpNInU20sae%2BUOKK4%2Bjd2NwV9occswV3O%2FQ2oYAU3QdQhxC4UF1FXNg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 85b6382cbeb5e3db-TLV

GET
H2 200 handlebars.js Show response
cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.6/ Frame 6907 160 KB
29 KB 358ms
193ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.6/handlebars.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02e9c70478b4ed0444cfa8a953983e0a0388b731ec7b07662bd667d56816bf2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 8741741
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 29180
last-modified: Mon, 04 May 2020 16:10:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e72-27e1d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gncj1T7VKtN5YBIOfbi8Fb8T97yjxf9fXkmh%2B7o%2BXYKIFpvb%2BPKGvv6mc%2BY9MK4LgTWcdiRXHL0ROUZJULPHD17o9Qp4xytVEXFDZMUqK3HDS3wcbe41lvODyh6uH2lUYBhNp%2FNn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85b6382ca852e3ed-TLV
expires: Sat, 15 Feb 2025 06:44:25 GMT

GET
H3 200 tc-string-parse.min.js Show response
cdn.acotedemoi.com/public/ Frame 6907 4 KB
5 KB 213ms
133ms Script
application/javascript 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/public/tc-string-parse.min.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e9ea834221814e2c94b3bb8e4961c2d078a7d25e4eab23022090e9c4e84bca2

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Tue, 05 Mar 2024 06:44:25 GMT
date: Mon, 26 Feb 2024 06:44:25 GMT
cf-cache-status: HIT
x-amz-request-id: 83QEH7WK1KEAG0Z3
age: 129
x-amz-meta-sha256: 7e9ea834221814e2c94b3bb8e4961c2d078a7d25e4eab23022090e9c4e84bca2
alt-svc: h3=":443"; ma=86400
content-length: 4510
x-amz-id-2: swovMepDSkXi+kOIl0OXpVWP9fXPKGX9JNvF4r8wficL4xOUvFT3HGPDjFbBRi6kTU98NmcVJWU=
last-modified: Fri, 25 Jun 2021 10:03:36 GMT
server: cloudflare
etag: "4917eb0d7eea1c45f48cebd542c8fde7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382c2d4ae3db-TLV
x-amz-meta-s3b-last-modified: 20210625T100319Z

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/ Frame 6907 64 KB
23 KB 276ms
112ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/gsap.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b765b0cbd95391f6db0b565988eeb70ea68aa77bb9f8f7c8a880d96474c2aa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 384864
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 23292
last-modified: Fri, 22 Apr 2022 16:32:30 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6262d89e-5afc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5tRge%2BSrK5CR9yU90W%2Fro4HLjSPGoOUQG9Gspjq1utMGHWxvQfl1VVNLQbeTc5rINZNAE9tGysVbpmZ8SwVjSSSkz64kJsPdQJ%2FOYGIEm8AUCIpqAs8IL0pF8iqXwZ4kuFY90kx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85b6382ca856e3ed-TLV
expires: Sat, 15 Feb 2025 06:44:25 GMT

GET
H2 200 splide.min.js Show response
cdn.jsdelivr.net/npm/@splidejs/splide@4.0.7/dist/js/ Frame 6907 29 KB
13 KB 255ms
91ms Script
application/javascript 104.16.85.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@splidejs/splide@4.0.7/dist/js/splide.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aad4aeffbcc5775cf1d8668637bc80b96c885eec42ec856b7d2a677110f15082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8646838
x-jsd-version: 4.0.7
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230036-FRA, cache-mrs10569-MRS
x-jsd-version-type: version
server: cloudflare
etag: W/"73e8-RYc5rJjiQhZqqqVOlxDRHZASsP0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3%2BYTSza0G2ZjMb8e3YQr7TShGfR5%2B2zwsiqnPyiACeSsPy649zjd%2FLo%2FWXYkdUbZnHfeBLPVY3Nor93kSeEtTUCAg8lL2O7Jvcyrou5GxT34zC43ALLPaQYwtAmwWg8Zbs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 85b6382cbebde3db-TLV

GET
H3 404 Enabler.js
cdn.acotedemoi.com/js/ Frame 6907 0
0 385ms
303ms Script
text/html 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/js/Enabler.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 shop_carrefour-market_t09-2024.js Show response
cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/ Frame 6907 85 KB
85 KB 181ms
99ms Script
binary/octet-stream 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/shop_carrefour-market_t09-2024.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4c9cc7fd4a95501f742138da5c3bcdcf3249f17e3b6eb87af13c3afe180e7b5

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
cf-cache-status: HIT
x-amz-request-id: JVJP9X5STD2PMHNK
age: 129
alt-svc: h3=":443"; ma=86400
content-length: 87129
x-amz-id-2: j1WGd2qEdMIGEKSyz06rgAUSDDL+UcvSDnD4by2DCfP/USGft74/a3o74w3BeA8KJj4wsHOWAxg=
last-modified: Thu, 22 Feb 2024 19:27:41 GMT
server: cloudflare
etag: "98539e2c26bac89e78f7519613fe2543"
vary: Accept-Encoding
content-type: binary/octet-stream
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382c2d55e3db-TLV
expires: Tue, 05 Mar 2024 06:44:25 GMT

GET
H3 200 animation_customcarrefournewproductop_728x90.js Show response
cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/js/ Frame 6907 1 KB
1 KB 252ms
171ms Script
binary/octet-stream 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/js/animation_customcarrefournewproductop_728x90.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67a37a5a945cbf072b0bc34a435b38efe969e84b318639fefdc693626977b566

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
cf-cache-status: HIT
x-amz-request-id: JVJJTJDEC3MGMVB4
age: 119
alt-svc: h3=":443"; ma=86400
content-length: 1182
x-amz-id-2: +ADJBRPqnp7CWz/dCT9Xi/ipqoMSMgmr+jl40BUZv8cV95T4kZ0S8aP/HtNZJajZdqRJUTWb0/s=
last-modified: Thu, 22 Feb 2024 18:59:39 GMT
server: cloudflare
etag: "c1da6b41ff5ed5658deea4e2e43ca113"
vary: Accept-Encoding
content-type: binary/octet-stream
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382c2d52e3db-TLV
expires: Tue, 05 Mar 2024 06:44:25 GMT

GET
H3 200 Oas Show response
fundingchoicesmessages.google.com/f/AGSKWxVszyc2Ef-z96B55KMbQLas1OLMB9fztxDyAwP5QkuDymQz9zwYGTO_Ns_koNgL71PLmd6VhBfq2PSgsefUZHIWDAYxyi88OMfS4SLP4OOnIb_DuLq3y_PGI6MZZS5jSiO_orFmfkylguaIxaxX7PV1kU7Nf... 54 B
110 B 138ms
137ms Script
application/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVszyc2Ef-z96B55KMbQLas1OLMB9fztxDyAwP5QkuDymQz9zwYGTO_Ns_koNgL71PLmd6VhBfq2PSgsefUZHIWDAYxyi88OMfS4SLP4OOnIb_DuLq3y_PGI6MZZS5jSiO_orFmfkylguaIxaxX7PV1kU7Nf21eqh5Jbtum0yFD7hI0g96U3-ZYQ1UE/_/advertverticallong.-us/ads//banner160x600-/Ad/Oas?/adcast_

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.iw.6TGLITHfW6c.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzqqbW3CpLMe7RBv4Tq6dowjWZIdw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

13805ae0c199a35d88562669e58022c9b9242d67234275d74e1491c4118ae554

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rKT1zy8Nw-E8qpfCM12jAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
content-security-policy: script-src 'report-sample' 'nonce-rKT1zy8Nw-E8qpfCM12jAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJicNCQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZOL5-pJJAog1gPid5Cumb0C8w8eDhW_ddFYVINZdP501FIhjnk9nTQHixawzWFcDsVP6DNYgIP6cOYP1NxD71M9gjQFiIR6Ok88-rGMTOLFh4yZmAHpNQJA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 64 KB
24 KB 121ms
121ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

d255488fd7493f999e12641c5afed8348b9f5bf3356106c2a33032368782d61d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:08:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24293
x-xss-protection: 0
server: cafe
etag: 13238648472899439582
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 07:08:29 GMT

POST
H3 204 AGSKWxWSy2EGgCe4V_TIjbyANkNU1tnDJVvwQqj_MOWHiY6KR-odom1O1BEbW7mox8XkLPrzfiedBui5KX7C9SnWlZ4G7tNZkNrZRYLpiP6rxrdBAdLVGogKqMWUGll_vsPDDlE7wFFwZw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 384ms
138ms XHR
text/html 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWSy2EGgCe4V_TIjbyANkNU1tnDJVvwQqj_MOWHiY6KR-odom1O1BEbW7mox8XkLPrzfiedBui5KX7C9SnWlZ4G7tNZkNrZRYLpiP6rxrdBAdLVGogKqMWUGll_vsPDDlE7wFFwZw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KXCXGszLX8bQt_aGw8AKFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-security-policy: script-src 'report-sample' 'nonce-KXCXGszLX8bQt_aGw8AKFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw1JBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYAIBbi5jj17MM6NoENjXu9ATMyFVI"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2195484450250.jpg
cdn.acotedemoi.com/carrefour-market/t09-2024/img/ Frame 6907 31 KB
31 KB 82ms
81ms Image
image/jpg 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/img/2195484450250.jpg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e1e90957a3b381c3522a9bf340b1e50132fad042b5b9a519f6028884afc3445

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: FY7FBN49X1W25GMS
age: 118
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 31556
x-amz-id-2: BDWJ4PlFiHMTa5VBHgXyz/YFAJgzpBq0rh2jPQShWNe1ksbOimXVYp6JGSy4wMd9ftVgEyXwJOI=
cf-bgj: imgq:100,h2pri
last-modified: Wed, 21 Feb 2024 17:18:04 GMT
server: cloudflare
etag: "59cfad121705406f61e3246fe06d0e42"
vary: Accept-Encoding
content-type: image/jpg
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e6bd3e3db-TLV
expires: Tue, 05 Mar 2024 06:44:25 GMT

GET
H3 200 2195484448610.jpg
cdn.acotedemoi.com/carrefour-market/t09-2024/img/ Frame 6907 21 KB
21 KB 145ms
143ms Image
image/jpg 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/img/2195484448610.jpg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96c5b521d19896f08a4c62d61e088753d7d140a9046bf0369892a417f66c43c9

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: FY72TQK5E86WTVF8
age: 117
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 21613
x-amz-id-2: /J4Gytm+jqHke6jgXMYYyS8W6SbPEcqQ8/xBdueGGd15vS8xrCPXNmoA1wB1rtBlJoiR9h5H+88=
cf-bgj: imgq:100,h2pri
last-modified: Wed, 21 Feb 2024 17:18:05 GMT
server: cloudflare
etag: "42872a91838fbc62f1694b8f87893ce4"
vary: Accept-Encoding
content-type: image/jpg
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e6bd6e3db-TLV
expires: Tue, 05 Mar 2024 06:44:26 GMT

GET
H3 200 2195484449730.jpg
cdn.acotedemoi.com/carrefour-market/t09-2024/img/ Frame 6907 13 KB
13 KB 79ms
77ms Image
image/jpg 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/img/2195484449730.jpg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cc1e9d8e1376a2c7443d3474face14c664b7065288a3a4fbfb624d8a0795c5d

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:25 GMT
cf-cache-status: HIT
x-amz-request-id: FY76BPM6QB62WK70
age: 122
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 13001
x-amz-id-2: 7m50bjKEHVM58yQEjrh8UtlTuIWcmEjGzwn2na35KWUI/JMFgE3ga0fyzwTGIwDm7h6bHDY5ZLQ=
cf-bgj: imgq:100,h2pri
last-modified: Wed, 21 Feb 2024 17:18:08 GMT
server: cloudflare
etag: "b394b0fa16d42e1adfa87dc530cdbf8c"
vary: Accept-Encoding
content-type: image/jpg
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e6bd7e3db-TLV
expires: Tue, 05 Mar 2024 06:44:25 GMT

GET
H3 200 2195484449740.jpg
cdn.acotedemoi.com/carrefour-market/t09-2024/img/ Frame 6907 17 KB
18 KB 84ms
82ms Image
image/jpg 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/img/2195484449740.jpg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a2e369be1a252d594405c707f64db65bf30a6023cd95d3ab4cfe584100014c3

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: FY7FK6KRC29YJQ8R
age: 122
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 17798
x-amz-id-2: I7PGsnafLHdQrwBungf/AHNm/qfsGeJ1xvlkREqWMHmqHrmkEZmc+s056jyuHbn3HdkTdb4tz08=
cf-bgj: imgq:100,h2pri
last-modified: Wed, 21 Feb 2024 17:18:10 GMT
server: cloudflare
etag: "8cd9716c59f9cb443cd1df4c594f7a93"
vary: Accept-Encoding
content-type: image/jpg
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e6bd9e3db-TLV
expires: Tue, 05 Mar 2024 06:44:25 GMT

GET
H3 200 cover.jpg
cdn.acotedemoi.com/carrefour-market/t09-2024/img/ Frame 6907 196 KB
196 KB 149ms
148ms Image
image/jpg 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/img/cover.jpg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f3b569cc3ca3a88fb382bc3f08b01af60ce7cb61a6b2e4a44cd0a1fdec4041

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: FY74405E6S09ZT8R
age: 129
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 200379
x-amz-id-2: Ix2mOPM2/qJSBOm3ej4YGIR+sf+76mdl8+RIN1VGBQzp1R2Fw4pq00UbcRsrH0eUGYUCDs0n820=
cf-bgj: imgq:100,h2pri
last-modified: Wed, 21 Feb 2024 17:32:35 GMT
server: cloudflare
etag: "345304de7ee9de3a91a2fb81079b8c59"
vary: Accept-Encoding
content-type: image/jpg
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e6bdce3db-TLV
expires: Tue, 05 Mar 2024 06:44:26 GMT

GET
H3 200 logo_symbol_white.png
cdn.acotedemoi.com/carrefour/public-img/ Frame 6907 1 KB
2 KB 220ms
219ms Image
image/png 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.acotedemoi.com/carrefour/public-img/logo_symbol_white.png
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 243d7cb3c1708e25dbb4905b8b8e4f5d760489d4cab3b16c9a6c11317c7c33f0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: 83Q24GQXRAT2FMET
age: 129
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 1345
x-amz-id-2: ZsV6e/6RGKel2pf0QkQTDckBAaZq0h9h3NJ5xMwi8euFop9BTozTFMFwfnnG1RYVnPMfpDKoPdk=
cf-bgj: imgq:100,h2pri
last-modified: Wed, 21 Feb 2024 14:06:03 GMT
server: cloudflare
etag: "6bf0faf625e8d18c1894920cabcf1570"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e6be0e3db-TLV
expires: Tue, 05 Mar 2024 06:44:26 GMT

GET
H3 200 logo-2.png
cdn.acotedemoi.com/carrefour-market/public-img/ Frame 6907 596 B
999 B 221ms
220ms Image
image/webp 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.acotedemoi.com/carrefour-market/public-img/logo-2.png
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: baaf62106ca7e223245be724e8c36781e7148ede338fae10457048670a3f3932

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: 83QD1CM621QX0AQ4
age: 129
cf-polished: origFmt=png, origSize=650
content-disposition: inline; filename="logo-2.webp"
alt-svc: h3=":443"; ma=86400
content-length: 596
x-amz-id-2: u4jzrg5iks/gX/gpzW4aNXR1DLCCmgK/d46xbvES1L0+jdQPfpjRiKlX1zVmaWfsxthdAkZbX6w=
cf-bgj: imgq:100,h2pri
last-modified: Wed, 21 Feb 2024 14:05:06 GMT
server: cloudflare
etag: "6214a5d0e62a11a8fc593c00cbe10f8e"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e6be2e3db-TLV
expires: Tue, 05 Mar 2024 06:44:26 GMT

GET
H2 200 bundle.js Show response
content.acotedemoi.com/ Frame 6907 6 KB
3 KB 240ms
85ms Script
application/javascript 104.18.9.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://content.acotedemoi.com/bundle.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.9.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6584b455deda78ab208dbea0beb8dbe85ec60a01cc9117f7160d31cf490ca798

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: VSBYA8CAEJB1PNQC
age: 129
cf-polished: origSize=6056
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /XjpFTgzU5jBf2ZJI0TSbJ4PDP+InELYBf7zOAlDFpcZ3sTH0lpPKUvG+gmGhEWlHF+U/9JWlY4=
cf-bgj: minify
last-modified: Wed, 10 Mar 2021 16:54:50 GMT
server: cloudflare
etag: W/"e358da79a082330543951b843043e847"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=691200
cf-ray: 85b6382f6916e3d7-TLV
expires: Tue, 05 Mar 2024 06:44:26 GMT

GET
H2 200 ProximaNova-Bold.woff2
cdn.acotedemoi.com/carrefour/fonts/ Frame 6907 30 KB
31 KB 85ms
84ms Font
application/font-woff2 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/carrefour/fonts/ProximaNova-Bold.woff2
Requested by: Host: cdn.acotedemoi.com
URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/css/styles_customcarrefournewproductop_728x90.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab41e299c02644cdbef442fb99a115f7a559bbae950895f0c02858854177a3ce

Request headers

Referer: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/css/styles_customcarrefournewproductop_728x90.css
Origin: https://googleads.g.doubleclick.net
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Tue, 05 Mar 2024 06:44:26 GMT
date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: 83Q2YYG0Q9H2GY64
age: 124
x-amz-meta-sha256: ab41e299c02644cdbef442fb99a115f7a559bbae950895f0c02858854177a3ce
alt-svc: h3=":443"; ma=86400
content-length: 30932
x-amz-id-2: h3j2hGGPNndA2TVA2maZaWvWo5TrDzZJrKmpek0uXMEjt6Lbi4Cobb7iKJEjxTeh/94zHjTbSvM=
last-modified: Fri, 04 Nov 2022 10:09:17 GMT
server: cloudflare
etag: "14770a6146170fbffd3dd71ffe3611fd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e7b5de3e7-TLV
x-amz-meta-s3b-last-modified: 20221031T090200Z

GET
H2 200 ProximaNova-Semibold.woff2
cdn.acotedemoi.com/carrefour/fonts/ Frame 6907 30 KB
30 KB 153ms
153ms Font
application/font-woff2 104.18.8.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.acotedemoi.com/carrefour/fonts/ProximaNova-Semibold.woff2
Requested by: Host: cdn.acotedemoi.com
URL: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/css/styles_customcarrefournewproductop_728x90.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.8.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbe1ce06965b48cce8b987c0319ac64d8ecded944e83e6de2ebe831d9a917be1

Request headers

Referer: https://cdn.acotedemoi.com/carrefour-market/t09-2024/dv360/css/styles_customcarrefournewproductop_728x90.css
Origin: https://googleads.g.doubleclick.net
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires: Tue, 05 Mar 2024 06:44:26 GMT
date: Mon, 26 Feb 2024 06:44:26 GMT
cf-cache-status: HIT
x-amz-request-id: 83QFWJGC0FW8N26G
age: 124
x-amz-meta-sha256: bbe1ce06965b48cce8b987c0319ac64d8ecded944e83e6de2ebe831d9a917be1
alt-svc: h3=":443"; ma=86400
content-length: 30528
x-amz-id-2: R0eHwNYSXoKSBddKgJAriu5AAT6ClvJEBoWhjdWQpA0fjlUxehlAV88+dhlV7qaK/s2sJ1l1Iwc=
last-modified: Fri, 04 Nov 2022 10:09:18 GMT
server: cloudflare
etag: "c134e1fda84646df5e83c287744af9db"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 85b6382e7b62e3e7-TLV
x-amz-meta-s3b-last-modified: 20221031T090607Z

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWSy2EGgCe4V_TIjbyANkNU1tnDJVvwQqj_MOWHiY6KR-odom1O1BEbW7mox8XkLPrzfiedBui5KX7C9SnWlZ4G7tNZkNrZRYLpiP6rxrdBAdLVGogKqMWUGll_vsPDDlE7wFFwZw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3BdKDQ3z_7OynFFyohf7wA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3BdKDQ3z_7OynFFyohf7wA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmJw1pBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYAIBbi5jj17MM6NoEFdzd6AQAyrxWL"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWSy2EGgCe4V_TIjbyANkNU1tnDJVvwQqj_MOWHiY6KR-odom1O1BEbW7mox8XkLPrzfiedBui5KX7C9SnWlZ4G7tNZkNrZRYLpiP6rxrdBAdLVGogKqMWUGll_vsPDDlE7wFFwZw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lYTL_A8mJgLBKRzHM78dhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-security-policy: script-src 'report-sample' 'nonce-lYTL_A8mJgLBKRzHM78dhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmJw05BiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYAIBbi5jj17MM6NoGGBbu9ADIrFTs"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWSy2EGgCe4V_TIjbyANkNU1tnDJVvwQqj_MOWHiY6KR-odom1O1BEbW7mox8XkLPrzfiedBui5KX7C9SnWlZ4G7tNZkNrZRYLpiP6rxrdBAdLVGogKqMWUGll_vsPDDlE7wFFwZw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-U-vCQlh2vcqae7_SW3psiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-U-vCQlh2vcqae7_SW3psiA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw15BiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYAIBbi5jj17MM6NoEJexZ5AQA0ahVX"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUBRe1_7vLmeh7wzx86aUP3PwKi-PEdElmrRGQT-0k06sEpuaAj_E11CX6IE52SaJbwAvPGO90lRiszUBS0YQSovHQaQwwSOl5hLSbDnk8kkxcbcl_hkpIl_L4U-400kRvbXOxiYg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 160ms
160ms Script
application/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUBRe1_7vLmeh7wzx86aUP3PwKi-PEdElmrRGQT-0k06sEpuaAj_E11CX6IE52SaJbwAvPGO90lRiszUBS0YQSovHQaQwwSOl5hLSbDnk8kkxcbcl_hkpIl_L4U-400kRvbXOxiYg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4OTI5ODY1LDk3ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsIjZUR0xJVEhmVzZjIl0sWzksIml3Il0sWzE4LCJbW1swXV1dIl0sWzIwLCJbbnVsbCxudWxsLFs5NTMyNTk5MV0sMywxN10iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

0484ef7a63b793661c2295ad66ed81af074045ddb6e8d26b60c7bb2d10b21879

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-wBr-gZSvsdRkMI64ElTBew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-wBr-gZSvsdRkMI64ElTBew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4KohxXDi1m2mC0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgZvzzgokTiN99ecnE8_UlkwQQawDxO8lXTN-AeIePBwvfuumsKkCsu346aygQxzyfzpoCxItZZ7CuBmKn9BmsQUD8OXMG628g9qmfwRoDxELcHKeefVjHJtBw45QyAD2aRQo"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVs8isS9l9GCcOF1reKB8aMvW3MIzXCRB4QqdQrcHSPCXmTcoV338XlVfM7EvefrT-jt-BAyQHxIFa8IIL4Bdyc27saIDgWbMx7IxnMke2BnJjYqKgc-u3O-EbJ0k1lXlDCMImkeQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 134ms
133ms XHR
text/html 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVs8isS9l9GCcOF1reKB8aMvW3MIzXCRB4QqdQrcHSPCXmTcoV338XlVfM7EvefrT-jt-BAyQHxIFa8IIL4Bdyc27saIDgWbMx7IxnMke2BnJjYqKgc-u3O-EbJ0k1lXlDCMImkeQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-itqgygpJZRpK17TFitFj9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-itqgygpJZRpK17TFitFj9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmII1JBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYAIBbi5jj17MM6NoGG1ieZADSSFXM"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWSy2EGgCe4V_TIjbyANkNU1tnDJVvwQqj_MOWHiY6KR-odom1O1BEbW7mox8XkLPrzfiedBui5KX7C9SnWlZ4G7tNZkNrZRYLpiP6rxrdBAdLVGogKqMWUGll_vsPDDlE7wFFwZw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ERNSrcm7f-EMR-bYU7pfZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Feb 2024 06:44:26 GMT
content-security-policy: script-src 'report-sample' 'nonce-ERNSrcm7f-EMR-bYU7pfZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw1pBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYAIBbi5jj17MM6NoEf-6ZnAQA1RhXS"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST event
act.acotedemoi.com/tag/ Frame 6907 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Domain: certify-js.alexametrics.com
URL: https://certify-js.alexametrics.com/atrk.js

Domain: dsum-sec.casalemedia.com
URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN-KG2X3uObyp6ggOPh9-Ww&google_cver=1&C=1

Domain: dsum-sec.casalemedia.com
URL: https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESENsutX4LFGtxJ_sKEM9KQvI%26google_cver%3D1

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Domain: act.acotedemoi.com
URL: https://act.acotedemoi.com/tag/event

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.file-upload.org/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Mon Feb 26 2024 08:45:20 GMT+0200 (Israel Standard Time), path=/
.babup.com/	1970-01-21 04:18:09	Name: _ga_3T7TKCZCC9 Value: GS1.1.1708929862.1.0.1708929862.0.0.0
.babup.com/	1970-01-21 04:18:09	Name: _ga Value: GA1.2.1807250169.1708929862
.babup.com/	1970-01-20 18:43:36	Name: _gid Value: GA1.2.961083501.1708929863
.babup.com/	1970-01-20 18:42:09	Name: _gat_gtag_UA_119779859_1 Value: 1
.babup.com/	1970-01-21 04:03:45	Name: __gads Value: ID=4669ee67819949ba:T=1708929862:RT=1708929862:S=ALNI_MbNE6YhONXv8nfuWH_clEbftK2ABg
.babup.com/	1970-01-21 04:03:45	Name: __gpi Value: UID=00000d629e319345:T=1708929862:RT=1708929862:S=ALNI_Mb84M9C0355aYoUlEaCuvFKlCte4w
.babup.com/	1970-01-20 23:01:21	Name: __eoi Value: ID=8d98e3ca4b541b0f:T=1708929862:RT=1708929862:S=AA-AfjZhv8zN8zBnCX_swRpat61C
.doubleclick.net/	1970-01-21 04:18:09	Name: IDE Value: AHWqTUk8U1SIcm0ebOjDqwlN0znG61Z5dGCIB27SMLXmHp4oUxrf8mca9OStvc82pTo
.adnxs.com/	1970-01-21 04:18:09	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:51:45	Name: XANDR_PANID Value: sV0Opc97iXVM1TEew1sCpWnI3Azqf_VvOUJa84zmBEnRODyKemYSJYkqBEpxy7PwvjKFRAR3RMknYuK6LRGXu4MN7Neqoc4OhHBEOLgQWsM.
.adnxs.com/	1970-01-20 20:51:45	Name: uuid2 Value: 2384892350751795509
.casalemedia.com/	1970-01-21 03:27:45	Name: CMID Value: ZdwzSYsFVWYAAGOsAGnWJgAA
.casalemedia.com/	1970-01-20 20:51:45	Name: CMPS Value: 4782
.casalemedia.com/	1970-01-20 20:51:45	Name: CMPRO Value: 4782
.doubleclick.net/	1970-01-20 19:25:21	Name: ar_debug Value: 1
.babup.com/	1970-01-21 03:27:45	Name: FCNEC Value: %5B%5B%22AKsRol_erVWypXcLesCgeOXAVhQ1GvVimL6qkwcHVZtmmvrGAz2pBZghjsZ-i9LYzOrFxvbQW9FO4tkX-H1ucuzbqXHzqRbmAv7S6UhYqqOIAcC4CKEyqwDhwWXjGWqdUwwzxVMjywSroyDT3XMfLHLjxikUqYV4mA%3D%3D%22%5D%5D

35 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://certify-js.alexametrics.com/atrk.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: https://www.babup.com/file.php?get=qrzlhnflyury Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/file.php?get=qrzlhnflyury Message: Access to font at 'https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/file.php?get=qrzlhnflyury Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://cdn.acotedemoi.com/js/Enabler.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

act.acotedemoi.com
ad.doubleclick.net
ajax.googleapis.com
cdn.acotedemoi.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
certify-js.alexametrics.com
connect.facebook.net
content.acotedemoi.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
ib.adnxs.com
images.dmca.com
pagead2.googlesyndication.com
ssl.google-analytics.com
tpc.googlesyndication.com
www.babup.com
www.file-upload.com
www.file-upload.org
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
act.acotedemoi.com
certify-js.alexametrics.com
dsum-sec.casalemedia.com
ib.adnxs.com
tpc.googlesyndication.com
www.file-upload.org
104.16.85.20
104.17.25.14
104.18.8.5
104.18.9.5
142.250.184.226
142.250.185.161
142.250.185.170
142.250.186.142
142.250.186.38
142.250.186.40
157.240.0.6
169.150.247.39
172.217.16.195
172.217.18.106
172.217.18.8
188.114.97.3
216.58.206.36
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
02e9c70478b4ed0444cfa8a953983e0a0388b731ec7b07662bd667d56816bf2c
0484ef7a63b793661c2295ad66ed81af074045ddb6e8d26b60c7bb2d10b21879
068123d4c4589cecb90523791256c9c9277a306172601593fd9b6414420056f3
0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
13805ae0c199a35d88562669e58022c9b9242d67234275d74e1491c4118ae554
1b765b0cbd95391f6db0b565988eeb70ea68aa77bb9f8f7c8a880d96474c2aa8
1be58ac66106f8f26b344b506dbca6968b96606a5bb9f89dac5678dfaf9522ff
1d3011865546855138e9f2af962a84946df7c91973c1bd754dea902f7e087a07
1f43ea6cbbf261394f83dc2f3425942bf6ddf498490f6cecfbf38739c1ff8b71
243d7cb3c1708e25dbb4905b8b8e4f5d760489d4cab3b16c9a6c11317c7c33f0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25dbe26db67ba5d60d3f7c7f79d72ad9f4816b2a6e869d7511927274f13a490b
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31a60c88c264d529d267b0d2c9dae3530ae59fc9970162e2d132d6f6fab1b395
3cb6a5a201e0931500ad62d7527bac07a95da2d182a34e6931607f085c8c6992
3e1e90957a3b381c3522a9bf340b1e50132fad042b5b9a519f6028884afc3445
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4542f385ca5b956e53a81a508728e5e3adf793a5c701acea6fcea9eb1f4fafc7
47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d
4b61d8691097f35768bf7d91d6cd291fcfb2bb2cb5334ae145faf11e652e0ef6
4ca0b53e9b099b2354ca25da254253de262c4d7baf328cf6b2ca43119012bbce
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
57b13aaf42808d7bc7aab013942cb88ef8b3be55aa8a16dccc562f074c63209b
5c2217b06478414e3a36692287923161da000f2da989cba2b2dd04803efcd5c0
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6584b455deda78ab208dbea0beb8dbe85ec60a01cc9117f7160d31cf490ca798
67a37a5a945cbf072b0bc34a435b38efe969e84b318639fefdc693626977b566
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
7a1080061a1f9f5311328cf241f741be103f8bf8dba5215e9c841944e4de052a
7a77bb69398bd402a6c2aaef45e0a648b13bf3e6e03958307dbea1691329616b
7cc1e9d8e1376a2c7443d3474face14c664b7065288a3a4fbfb624d8a0795c5d
7e9ea834221814e2c94b3bb8e4961c2d078a7d25e4eab23022090e9c4e84bca2
822e8586736bee1e1f96c4de5354844f3036640b759abb15f2aa680aba238704
87342aed0ab0e27ee21660767dda8b8f8c41d32a2ea6682fd5ce1674720e9745
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8853c9370e6f22974c135a5e058a9262d8cedb281b2f015e1e50f9bbc592c2ff
890c10e65b198d39eeea7ebfa0820f44187778fbe504568c37cea00c4f205e01
8b6feb184b85e321282ba00b533c2f3d9f6b07783dbda62a950d21a8a4b922c7
96c5b521d19896f08a4c62d61e088753d7d140a9046bf0369892a417f66c43c9
9a2e369be1a252d594405c707f64db65bf30a6023cd95d3ab4cfe584100014c3
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9ea551d5c459b9c5a023c2ad94756560aa1d831f236c68f6bf1588b4abaf6558
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
aad4aeffbcc5775cf1d8668637bc80b96c885eec42ec856b7d2a677110f15082
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
ab41e299c02644cdbef442fb99a115f7a559bbae950895f0c02858854177a3ce
ad930c38e5710585a49969ac41a828adddc3a3c57d2e21b9f0c5c7f188820dfc
ae9fe3f0b29e4214d504921908763cd7934224b5368748b714404f9e738a228f
b5a06775668129b82a7ad88e98dcd6be2fde71a15cb58a630b7eda8acc9a6482
b74b9421def22888527d289bc3b3997d09ecbdb6c9e5728aa35ef36b7fc5cc1b
b816ffa8bb25e6ddbb2fd32cca97221977a12d0f0e99ebf1e29826b096cd83d1
b8c0db6b58eb95303d70d076e7cc57e3da9280c443ad24ecd9b4a993095b7e23
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
baaf62106ca7e223245be724e8c36781e7148ede338fae10457048670a3f3932
bbe1ce06965b48cce8b987c0319ac64d8ecded944e83e6de2ebe831d9a917be1
c4c9cc7fd4a95501f742138da5c3bcdcf3249f17e3b6eb87af13c3afe180e7b5
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdb783763f9971b89d89d8cc555b05ff08d9b75551ab6b301ff6dffa7e1faeb4
ce8c05a7248a3803ffc6d3a871f42b125e2358c700a59e082501d81d5c94400b
d255488fd7493f999e12641c5afed8348b9f5bf3356106c2a33032368782d61d
d5f0966a15793c226b1dbcd7b2ee694f8229cde7413c05e3c603175f42df1f48
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6713d7c59fae2970c6801f64d4fac34c5dbf1b4caff5b0ba44eb14aae66b24e
e7afde571c53d192943a40b3b7f109e698bb47e6d6424bc7d1f53a7cb9466360
e8af1bbffa09030cadeec9e43e8e6d60cc377c6a9a70841106902815802d036a
ec1d799ea15ca9389d9dcd1f5d5c9698d612204464a24020099137878484a168
ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f3b569cc3ca3a88fb382bc3f08b01af60ce7cb61a6b2e4a44cd0a1fdec4041
f2049727040f23541feb3f5391225d23508f8a7bf29983fbc6c5c52890bcbd4b
f9d2bdf82b77a0507ff36de46ba130b63de34f7c0300832e36b77fd99542b6b9
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

www.babup.com Open in urlscan Pro 188.114.97.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

126 Requests

87 %HTTPS

0 %IPv6

18 Domains

25 Subdomains

18 IPs

4 Countries

2216 kBTransfer

5304 kBSize

17 Cookies

31 Outgoing links

Page URL History

Redirected requests

126 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.babup.com Open in urlscan Pro
188.114.97.3 Public Scan

Screenshot
Live screenshot

Full Image

126
Requests

87 %
HTTPS

0 %
IPv6

18
Domains

25
Subdomains

18
IPs

4
Countries

2216 kB
Transfer

5304 kB
Size

17
Cookies

126 HTTP transactions
1 data transactions