www.babup.com Open in urlscan Pro
188.114.96.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.file-upload.com/gxbzwmkj6mv4
Effective URL:
https://www.babup.com/file.php?get=gxbzwmkj6mv4
Submission: On February 20 via manual (February 20th 2024, 7:51:31 am UTC) from US — Scanned from IL

Summary HTTP 188 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 26 IPs in 3 countries across 17 domains to perform 188 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is www.babup.com.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.

This is the only time www.babup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7 11	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	169.150.247.38 169.150.247.38	60068 (CDN77 _) (CDN77 _)
33	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	172.217.16.138 172.217.16.138	15169 (GOOGLE) (GOOGLE)
1	142.250.181.232 142.250.181.232	15169 (GOOGLE) (GOOGLE)
2	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
2	172.217.18.8 172.217.18.8	15169 (GOOGLE) (GOOGLE)
5 30	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 5	142.250.185.78 142.250.185.78	15169 (GOOGLE) (GOOGLE)
32	142.250.186.161 142.250.186.161	15169 (GOOGLE) (GOOGLE)
4	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
6	142.250.185.170 142.250.185.170	15169 (GOOGLE) (GOOGLE)
4 5	172.217.18.4 172.217.18.4	15169 (GOOGLE) (GOOGLE)
11	142.250.186.174 142.250.186.174	15169 (GOOGLE) (GOOGLE)
10	142.250.115.120 142.250.115.120	15169 (GOOGLE) (GOOGLE)
4	142.250.186.131 142.250.186.131	15169 (GOOGLE) (GOOGLE)
2	64.233.166.155 64.233.166.155	15169 (GOOGLE) (GOOGLE)
4	74.125.98.72 74.125.98.72	() ()
3	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
6	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	() ()
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 3	172.64.151.101 172.64.151.101	() ()
1 2	142.250.186.162 142.250.186.162	() ()
2 2	185.89.210.46 185.89.210.46	() ()
188	26

11 188.114.96.3 (Amsterdam, Netherlands) 7 redirects

ASN13335 (CLOUDFLARENET, US)

www.file-upload.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.babup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

www.file-upload.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.150.247.38 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 169-150-247-38.bunnyinfra.net

images.dmca.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f8.1e100.net

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.8 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.185.162 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.78 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 142.250.186.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f10.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.18.4 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.115.120 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: rq-in-f120.1e100.net

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.166.155 (United States)

ASN15169 (GOOGLE, US)
PTR: wm-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 74.125.98.72 (United States)

ASN- ()
PTR: tlv04s01-in-f8.1e100.net

r3---sn-ua87zn7e.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s22-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (None, )

ASN- ()

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.151.101 (None, ) 2 redirects

ASN- ()

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (None, ) 1 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.46 (None, ) 2 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 158 ade.googlesyndication.com	1016 KB
36	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 bid.g.doubleclick.net — Cisco Umbrella Rank: 1015 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 551 cm.g.doubleclick.net	227 KB
22	file-upload.org www.file-upload.org — Cisco Umbrella Rank: 930236	550 KB
17	gstatic.com csi.gstatic.com fonts.gstatic.com www.gstatic.com	80 KB
16	google.com 4 redirects www.google.com — Cisco Umbrella Rank: 2 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 659	71 KB
11	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 434 fonts.googleapis.com — Cisco Umbrella Rank: 48 imasdk.googleapis.com — Cisco Umbrella Rank: 476	305 KB
7	file-upload.com 7 redirects www.file-upload.com	2 KB
6	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 141
6	2mdn.net 2 redirects gcdn.2mdn.net — Cisco Umbrella Rank: 1326 r3---sn-ua87zn7e.c.2mdn.net — Cisco Umbrella Rank: 632471	1 KB
4	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 605 www.google-analytics.com — Cisco Umbrella Rank: 45	38 KB
4	babup.com www.babup.com	14 KB
3	casalemedia.com 2 redirects dsum-sec.casalemedia.com	2 KB
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	151 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 191	92 KB
2	dmca.com images.dmca.com — Cisco Umbrella Rank: 16815	10 KB
0	alexametrics.com Failed certify-js.alexametrics.com Failed
188	17

	Domain	Requested by
33	pagead2.googlesyndication.com	www.babup.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.file-upload.org imasdk.googleapis.com
32	tpc.googlesyndication.com	pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com imasdk.googleapis.com
30	googleads.g.doubleclick.net	5 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
22	www.file-upload.org	www.file-upload.org www.babup.com
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
10	csi.gstatic.com	imasdk.googleapis.com
7	www.file-upload.com	7 redirects
6	www.googleadservices.com	googleads.g.doubleclick.net
6	imasdk.googleapis.com	googleads.g.doubleclick.net imasdk.googleapis.com
5	www.google.com	4 redirects tpc.googlesyndication.com
4	r3---sn-ua87zn7e.c.2mdn.net	googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
4	fonts.googleapis.com	googleads.g.doubleclick.net
4	www.babup.com	www.file-upload.org www.babup.com
3	dsum-sec.casalemedia.com	2 redirects
3	www.gstatic.com	googleads.g.doubleclick.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	ib.adnxs.com	2 redirects
2	cm.g.doubleclick.net	1 redirects
2	googleads4.g.doubleclick.net
2	ade.googlesyndication.com
2	gcdn.2mdn.net	2 redirects
2	bid.g.doubleclick.net	imasdk.googleapis.com
2	www.googletagmanager.com	www.babup.com www.googletagmanager.com
2	connect.facebook.net	www.babup.com
2	images.dmca.com	www.file-upload.org www.babup.com
1	ssl.google-analytics.com	www.babup.com
1	ajax.googleapis.com	www.babup.com
0	certify-js.alexametrics.com Failed	www.babup.com
188	29

This site contains links to these domains. Also see Links.

Domain
www.file-upload.com
www.facebook.com
www.instagram.com
www.youtube.com
file-upload.com
www.file-up.org
www.dmca.com
safeweb.norton.com

Subject Issuer	Validity	Valid
file-upload.org E1	`2024-01-21` - `2024-04-20`	3 months	crt.sh
images.dmca.com R3	`2024-01-22` - `2024-04-21`	3 months	crt.sh
babup.com GTS CA 1P5	`2024-01-07` - `2024-04-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-29` - `2024-02-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2024-02-13` - `2024-04-23`	2 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh

This page contains 25 frames:

Primary Page: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Frame ID: ACFE85C8BCF6240FE3CD894019EBFABE
Requests: 62 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20190131/zrt_lookup_fy2021.html
Frame ID: 799C69D4F743B04A4CA563BE718471A6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1708415486&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~16~20&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415485949&bpp=10&bdt=990&idt=683&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4392057235031&frm=20&pv=2&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=714
Frame ID: F041D81D4F92C00859F4753240A4AEED
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655
Frame ID: BBEC03490B832A04230D3F13950DFAAE
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486030&bpp=1&bdt=1071&idt=654&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=658
Frame ID: 7C717D52FB82F0E3A65F857722395C54
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486032&bpp=1&bdt=1072&idt=666&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=669
Frame ID: 50D1CD094AB2504389A6BE96EBE1F778
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 93FD843C571E3F9A1367D73B256FF219
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4EC1A1FC22058F29AD84D0CFA5193B25
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1708415488&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415488010&bpp=1&bdt=3050&idt=-M&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9158258ddde88272%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_MZF4zrK7DclzoQ_Uck-KWoIyf8TmA&gpic=UID%3D00000d5ccfa30708%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_Ma_h46QlglowNzg_y5qYUCNPBi6LQ&eo_id_str=ID%3D2650d2239007434e%3AT%3D1708415486%3ART%3D1708415486%3AS%3DAA-AfjaCB6IUF9pTtrCCIrIgAZeU&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGskM2F8qBd_-K4bCGl2HLTSZb6MpiDibxc8WvQEBPSCk-gdOTjTMkF-wQPkH-WNx71uwNN0te0qELt3Nr7LEDh5jaNnS%2CAOrYGsk8N3nTcT5MaCE8uQC-7scTgsh8r_UB66AP7HhPodsGSnFDzAMh5OTckob4ccLsPLotfGS4LIHd7b1GKJge4ohGEQbS&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=420
Frame ID: 67A42CB6F59F3707850645EEC2BA0982
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1708415488&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415488010&bpp=1&bdt=3051&idt=-M&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9158258ddde88272%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_MZF4zrK7DclzoQ_Uck-KWoIyf8TmA&gpic=UID%3D00000d5ccfa30708%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_Ma_h46QlglowNzg_y5qYUCNPBi6LQ&eo_id_str=ID%3D2650d2239007434e%3AT%3D1708415486%3ART%3D1708415486%3AS%3DAA-AfjaCB6IUF9pTtrCCIrIgAZeU&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGskM2F8qBd_-K4bCGl2HLTSZb6MpiDibxc8WvQEBPSCk-gdOTjTMkF-wQPkH-WNx71uwNN0te0qELt3Nr7LEDh5jaNnS%2CAOrYGsk8N3nTcT5MaCE8uQC-7scTgsh8r_UB66AP7HhPodsGSnFDzAMh5OTckob4ccLsPLotfGS4LIHd7b1GKJge4ohGEQbS&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=434
Frame ID: 683C7CDEB6F0CE0A8B327BBFB0C6DBDD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 2340C92F9D47331C05B091A70A407D57
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 2252DC93507C730D2B25122ADC0DE218
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: FDC577F9B74477B3119ED660F4195AAA
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 1B7F48F3B4CE524E6831AABAC4886DFF
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 34E853D816670AC2FFED023C2401FF38
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1819CF0AADAFCB3180ABCDA74CE0904C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 6F200A9C5D17530A4185EA520AE47DF8
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 53464EC262A815F069026B2526B67B42
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 29EB1C0E08539C8FF7F3177A99295FFA
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CHeebo%3A400%2C500
Frame ID: B7919971AF09EF4665A5A3F56F162981
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 19930A38D3C8ACE8FD508D52830082BB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js
Frame ID: 5F4DE399D49F8FF972E3176C527813A7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js
Frame ID: 750C9D87EB53B90497DCEB98192092C8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js
Frame ID: D97FF2ADC86A5805CD82A4BAD6AA9755
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js
Frame ID: B5AF3DF9A3D70E4788DF9F983CA14015
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

https://www.file-upload.com/gxbzwmkj6mv4 HTTP 301
https://www.file-upload.org/gxbzwmkj6mv4 Page URL
https://www.babup.com/file.php?get=gxbzwmkj6mv4 Page URL

Detected technologies

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

188
Requests

91 %
HTTPS

0 %
IPv6

17
Domains

29
Subdomains

26
IPs

3
Countries

2554 kB
Transfer

16914 kB
Size

12
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://www.file-upload.com/?op=payment_proof
Title: Proof of Payments

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fileuploadcom

Search URL Search Domain Scan URL

URL: https://www.instagram.com/file_upload/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCSbk9gxKeQnawO7cZ0hZPJQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/make-money.html
Title: Make Money

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/login.html
Title: Login

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=register
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=forgot_pass
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=news
Title: News

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/desktop.html
Title: Desktop Uploader

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=english
Title: English

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=change_lang&lang=arabic
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=payments
Title: Premium Download

Search URL Search Domain Scan URL

URL: https://file-upload.com/gxbzwmkj6mv4
Title: Free Download

Search URL Search Domain Scan URL

URL: https://www.file-up.org/?op=register
Title: Sign up now

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/faq.html
Title: FAQ

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/tos.html
Title: Terms of service

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/child-exploitation.html
Title: Child Abuse Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/copyright.html
Title: Copyright Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/contact.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/adv.html
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/dmca.html
Title: DMCA

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/reseller.html
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/links.html
Title: Links

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/?op=check_files
Title: Link Checker

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/refund.html
Title: Refund Policy

Search URL Search Domain Scan URL

URL: https://www.file-upload.com/banners.html
Title: Banners

Search URL Search Domain Scan URL

URL: https://www.dmca.com/Protection/Status.aspx?ID=ff6622a1-89c3-492e-8fab-02994910b766&refurl=https://www.file-upload.com/vsd4gox6iv4l

Search URL Search Domain Scan URL

URL: https://safeweb.norton.com/report/show?url=www.file-upload.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.file-upload.com/gxbzwmkj6mv4 HTTP 301
https://www.file-upload.org/gxbzwmkj6mv4 Page URL
https://www.babup.com/file.php?get=gxbzwmkj6mv4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.file-upload.com/gxbzwmkj6mv4 HTTP 301
https://www.file-upload.org/gxbzwmkj6mv4

Request Chain 13

https://www.file-upload.com/mngez/css/app.css?v=1 HTTP 301
https://www.file-upload.org/mngez/css/app.css?v=1

Request Chain 14

https://www.file-upload.com/assets/images/logo_new.png HTTP 301
https://www.file-upload.org/assets/images/logo_new.png

Request Chain 16

https://www.file-upload.com/mngez/images/anti1.png HTTP 301
https://www.file-upload.org/mngez/images/anti1.png

Request Chain 17

https://www.file-upload.com/mngez/images/anti2.png HTTP 301
https://www.file-upload.org/mngez/images/anti2.png

Request Chain 19

https://www.file-upload.com/assets/images/norton.png HTTP 301
https://www.file-upload.org/assets/images/norton.png

Request Chain 27

https://www.file-upload.com/mngez/js/app.js?v=20 HTTP 301
https://www.file-upload.org/mngez/js/app.js?v=20

Request Chain 85

https://gcdn.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/293BC6A785B8CCEA710E8F51355E987E19265059.8A0D050A9C000C17430B3FCF679A135D1482D300/key/ck2/file/file.mp4 HTTP 302
https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/098B6DEA55DAB3FB219799BB39318E4446297E48.40D4A1538B79CDFFBDFCCC5CFA92164802775EA8/key/cms1/cms_redirect/yes/mh/g0/mip/31.187.78.102/mm/42/mn/sn-ua87zn7e/ms/onc/mt/1708414435/mv/u/mvi/3/pl/24/file/file.mp4

Request Chain 97

https://gcdn.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/B028A6BD0C254D81B763778C705C2510EB9F2407.90B4E6722DE27920A7686FE93DEA9B0FF551616A/key/ck2/file/file.mp4 HTTP 302
https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/83EED14EADC129600032C3637BF1E66EB844020E.3849E6109E74D88943E51AD50F8E7BD585032B8F/key/cms1/cms_redirect/yes/mh/g0/mip/31.187.78.102/mm/42/mn/sn-ua87zn7e/ms/onc/mt/1708414435/mv/u/mvi/3/pl/24/file/file.mp4

Request Chain 141

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 142

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 144

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 146

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 150

https://googleads.g.doubleclick.net/pagead/adview?ai=CYFy5_lnUZZr4LdTQ1fAP3vKhqAqhzOu7caCduODrEc7uv-J4EAEggrq4fGD5uvSDnBCgAeXx-v0DyAECqQKwgvbm93iSPqgDAcgDyQSqBM4BT9Db6ctYqqHM0bQXGRCCAHuFgzZXjvHHsrYWcTFOKB6aMQrM3dUu3GUMx0Kjdb0ebjeHlh1RQ1c6Wyx8nx6TasFKpkJbrNdvcmwvOQUeuB4hHouFo7YGB98Ui8qERegwX1HBm71fxNPjjenNhCPHV4ACUVT8GINJCPkvD_OIP17bynuKuIokT5krYHwU2_VqdmmsiHYf9grgp0itgWLvgXfdgQkQMxqjcJjdGZnK2t-QP60_UA6rxsA-ad33tFLqla42XTkEdpI-eD1mJzrABJWStZGmBIgFjJiv3EugBgKAB4OOhQKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAfVyRuoB6a-G9gHAfIHBBC4lQXSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpYvoPd0be5hAOaCSxodHRwczovL3BsdXMtbWVkaWEuY28uaWwvc3BkL2N5YmVyLXNlY3VyaXR5L4AKAcgLAdoMEQoLEKCZ47y7jLPb8QESAgED2BMD0BUBmBYBgBcBshccChoIABIUcHViLTkxNzY1MjE4OTgzNDE5MDkYAA&sigh=YUDb2_IwAJo&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_CD-6vQAVE2Cea2ajoi3QGOexvRPua5c2aTvv21Hz5a-0vCvqnhdZDLqQP24EdW6Tr2y85KPHl3gYiEsGnSx4GGXlFyS3Uhimbn0YAQ&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%222463995098005785215%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223606310737611140977%22}&andc=true

Request Chain 154

https://googleads.g.doubleclick.net/pagead/adview?ai=C7s6L_lnUZZj4LdTQ1fAP3vKhqAqhzOu7cbifuODrEc7uv-J4EAEggrq4fGD5uvSDnBCgAeXx-v0DyAECqQKwgvbm93iSPqgDAcgDyQSqBM0BT9AxGk79nouUsESwU_9xanskmdsd5KeDVhuyhHVLX3Pzi9v3BJt8IUag0rAzcdU8LpaL01_Ls62R2ARexkMFob4Hiegy68acVhw7-69Ud31kw1DdixfJL7LBxlxhZxNGJZ5og0bq_Lu0tFkE5ES-8E4OiyPtKHdO2Gw_ZpqWEE132IOOuIMF9nAr19mBttLFLcNItCBjxWKBuCACSvfLDtBdxJezvgFd2_527FB0GJTG-mHiRXjklOonKkD2h4Z4A9VH5X_aX6Y--ydNe8AElZK1kaYEiAWMmK_cS6AGAoAHg46FAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4b2AcB8gcEENnMBNIIJAiAYRABGB8yAooCOgmAQIDAgICAgAhIvf3BOli-g93Rt7mEA5oJLGh0dHBzOi8vcGx1cy1tZWRpYS5jby5pbC9zcGQvY3liZXItc2VjdXJpdHkvgAoByAsB2gwRCgsQwNWL5-LqqYryARICAQPYEwPQFQGYFgGAFwGyFxwKGggAEhRwdWItOTE3NjUyMTg5ODM0MTkwORgA&sigh=jnNgSGukNX0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_CD-6vQAVE2Cea2ajoi3QGOexvRPua5c2aTvv21Hz5a-0vCvqnhdZDLqQP24EdW6Tr2y85KPHl3gYiEsGnSx4GGXlFyS3Uhimbn0YAQ&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%223179713527138543904%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212999819985394355345%22}&andc=true

Request Chain 156

https://googleads.g.doubleclick.net/pagead/adview?ai=CSvbm_lnUZZn4LdTQ1fAP3vKhqAqhzOu7cbifuODrEc7uv-J4EAEggrq4fGD5uvSDnBCgAeXx-v0DyAECqQKwgvbm93iSPqgDAcgDyQSqBM0BT9Aiqs9Hxicn-o5zcnYSwSikY6mh8BH1pcwn0ql4sKREYdbsaFgYhBehWNSHF126Itz8aY-mKA5oeSLG2kI6gmJfMMhFl36FWQSwA0pYHfApBwwLmI5pLPYSCYG6ptUExiOkUUq3h6mdNGKUUDHuycVzOSpFB5j3CKZmfZaOI9YILrm1RECE5OabiGHJuaZC4ajSmOCEC3RIze8iyj7c0cq0uPRZtopG5OWcLIxUp5nWg6umN4sfqVNzp3YuEmcoJ8eBEsDOqMZ850T5VMAElZK1kaYEiAWMmK_cS6AGAoAHg46FAqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4b2AcB8gcEEJbRBNIIJAiAYRABGB8yAooCOgmAQIDAgICAgAhIvf3BOli-g93Rt7mEA5oJLGh0dHBzOi8vcGx1cy1tZWRpYS5jby5pbC9zcGQvY3liZXItc2VjdXJpdHkvgAoByAsB2gwQCgoQgJiL1c2R-tgnEgIBA9gTA9AVAZgWAYAXAbIXHAoaCAASFHB1Yi05MTc2NTIxODk4MzQxOTA5GAA&sigh=65tKQfzjhGY&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_CD-6vQAVE2Cea2ajoi3QGOexvRPua5c2aTvv21Hz5a-0vCvqnhdZDLqQP24EdW6Tr2y85KPHl3gYiEsGnSx4GGXlFyS3Uhimbn0YAQ&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%225955219161246185359%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217058000197871209649%22}&andc=true

Request Chain 167

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJy6pwIQm_2l6QQYue3s7AEgATAB&v=APEucNUyxQwmOaqICi1ANmLwndOCImsQ6wbi1wqzvUGnIV5EBxz3ax9HQuRNKdpcFuL4s3YGxAi9sYSMt_Ey-NyD2gJlViT-ZeOk7M6zObXsIre38eJeqnA HTTP 302
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdRaAosFVoMAAA2RAESBWAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM6FNoi4fUofaUNNopdSE48&google_cver=1

Request Chain 176

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJy6pwIQm_2l6QQYue3s7AEgATAB&v=APEucNWQC7QbniXqTFSI4OFba9Uj8EpP2Y3MBgmVOwNDC0iOjTY8EGcXlgTPeZGMdfIBUwBYv8Ytx9lcz_x5wuHpptAbAWh5ab8ogoIkEMMlzyb_UTrxOHQ HTTP 302
https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIzNDk1Nzc0NjI4NzUzNTM3NA%3D%3D

188 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

gxbzwmkj6mv4 Show response
www.file-upload.org/
Redirect Chain

https://www.file-upload.com/gxbzwmkj6mv4
https://www.file-upload.org/gxbzwmkj6mv4

28 KB
7 KB

447ms
172ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/gxbzwmkj6mv4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84d20fdbf9026581fa432a64ebcf1f131fd4e82e66a8d4caa2c0dad9c1ada086

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85852a06db0583a3-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 20 Feb 2024 07:51:24 GMT
expires: Mon, 19 Feb 2024 07:51:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMXy%2B7HBjZoWGnfm8DU7NDhsrsuX1R8KF0cwvXvTZE7NpmvxwM%2B%2B2eg7ujpy%2BgfMxmYGDP9iUgMEtwzDvJrQgAl83a20HCCg01fanUhESw6Sz0O6z9IHaiCi70GXiasT3esw92mm"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0;includeSubDomains;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85852a041b9e83a8-MXP
content-type: text/html
date: Tue, 20 Feb 2024 07:51:23 GMT
location: https://www.file-upload.org/gxbzwmkj6mv4
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BFRawJp1M4XaatORucdZA6tl1By12pyZceR%2Bq%2BpcyR%2FdPxiqxJMPPPhnzDIwk1W5WsOEHsvmPzNxVn6cyO%2Fre3ovbMx%2F2qG8tvwRlxjC6tIN2Pm%2FWReoUInHP9x%2BnjLeTEL%2Fjy9"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 app.css
www.file-upload.org/mngez/css/ 247 KB
41 KB 144ms
140ms Stylesheet
text/css 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1444016
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJ4X2njZkVdst3pqBHk4PfV32tP%2BY9tp1Ol%2FWMLCQ8o9bGq8OpQFTe47BHvGXxKfcwCsA6cKcDsNczAgJsDYS5Ts8nubCObbHhTScopeZ6XLGl7%2FHwsWPxKkxOy0MP4V4l85tIKc"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 85852a080c8a83a3-MXP
expires: Sun, 04 Feb 2024 14:44:28 GMT

GET
H2 200 app.js Show response
www.file-upload.org/mngez/js/ 235 KB
80 KB 223ms
221ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFeUQcDmpCboQ%2FDQ6KZqzQXysr%2BuOBzEPtEAjgiih%2BWwON4O7h%2FnEPi92f0TqjkRQs%2FU1Sj6RZF%2B1kyRxCMDyW7L37OpPgdWnbya3l0Bf1iw3iYrou22HM2Nwy3M%2BJajpQFcfhFT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 85852a080c8c83a3-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo_new.png
www.file-upload.org/assets/images/ 3 KB
4 KB 137ms
135ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7008951
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0a3DMBKV1xBCWSsZ2un5rPa3evFEWOHP6NXDOULfzCcgWPdKncEVQj4ZJGA5rnBBWbAn8rxwos1U%2FlCKmvcWvhlly8va%2Bvjb62%2FRNwXiH3wDlGHBoXbS89h60SYhmC7h7KtEwjN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a080c8d83a3-MXP
expires: Fri, 08 Dec 2023 04:55:33 GMT

GET
H2 200 email-decode.min.js Show response
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 133ms
132ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Feb 2024 18:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65cbb0fd-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2BiGaPfb%2BXZYPPFnyFju9Kt2UkufgnQUQKExbHQSYC4sf8KSLK5J1f6Ft8lf4NaVRVzInej5eEML4rJ3T%2FBsJ9tMzSTmV%2B9vWwzTXJdZazLhPjMGZbhV5Jv9KaF9M70w9xVG5BvD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 85852a080c8f83a3-MXP
expires: Thu, 22 Feb 2024 07:51:24 GMT

GET
H3 200 anti1.png
www.file-upload.org/mngez/images/ 19 KB
19 KB 135ms
134ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7105459
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzK0WGrh11T846em0dbRzmX0aiySZePEGzCeyHN69W14fHKADLMCYvLn%2BA9ylAuZmVNpH0NDRSwLcBqPmt4%2FqpZtc5d03cfCbPbVaTJ4tryNPmKKXoSJ8FCKcZS2bl1Gio11MIl1"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a08edc583a3-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

GET
H3 200 anti2.png
www.file-upload.org/mngez/images/ 641 B
1 KB 262ms
262ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8923836
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2BC%2F%2BXyOJoXHGMbKF2AE1uxh6UC3gOxwxuY54Edumn%2BDrRNgJM2AmFNYqM55tZlZ2tDwDb1vf%2FGUxSiBZSZAEfy5tGwtRY4lujQ7oYx4mXYFS%2F7KqJ3MLrk783VCltJIHlfIxH6p"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a08edca83a3-MXP
expires: Thu, 16 Nov 2023 01:00:48 GMT

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 394ms
122ms Image
image/png 169.150.247.38
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.38 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-38.bunnyinfra.net
Software: BunnyCDN-DE1-1081 / ASP.NET
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 603429c922c0b178353be97f2a919226
accept-ranges: bytes
cdn-requestcountrycode: IL
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 norton.png
www.file-upload.org/assets/images/ 5 KB
5 KB 139ms
139ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7105459
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ifXRTkDsw49YxAm4Vq17MJCzS1Bj%2Bu9tTTz2or1CVQr4489fLpZdbOiL5W3ce9ao%2BvDWFyf83xblMAeqoizIsaxtVsqd6K%2BSo3hTxko5%2FtKpdWOs%2BihfnbS8GyBKtpHKLfqPgHH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a0a0f7483a3-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

GET
H2 200 Primary Request file.php Show response
www.babup.com/ 23 KB
7 KB 530ms
298ms Document
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.2.34
Resource Hash: f0c5d83ec3c5cbc75ab6af15e4aa014764df3b9704614a8babbd707615c52a3f

Request headers

Referer: https://www.file-upload.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 85852a0b79b5839d-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 20 Feb 2024 07:51:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=usNC5v0t1SB2GNJtdXygWCU2lfDp851htJLCyyLO34a1eHtB11w4wkEz7hCyxuqd3115Jv7Aj6QmUn%2FcvJC3GPqKPiXmNtZNDNSTy7X9vhYsUljzshnhDNZO4tWl6rrf"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.2.34

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 137ms
136ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8819107
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqUzIi24uqQvUpKGrbntMlM7%2BlSV9ASFqkBloSJKZsEQzeSZAPMfnRnX7D6ie7gsRco%2FfCwg0MiEiOfYochWQW9U05kiClPNyoLhhdAVreFpmUBomYWZnFSTTTGCTnshVgV4vXiu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a0a0f8883a3-MXP
expires: Fri, 17 Nov 2023 06:06:17 GMT

GET
H3 200 fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 75 KB
76 KB 199ms
199ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2308
etag: "12d68-5fe4d56c8e4d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=To1OyvAQqlca2lF33eS1HxGui7uJaTE9HTSMrkPs67tQu5bs6oM%2FLqmTkKLm0hX1j8HtHOLJ4drvNrs6nwwGfKmi6t1bXmK41tLIy3e%2BAQSIqzpPaky%2Bopk7fjSp1N0Sa%2Bsc8UCH"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 85852a0a0f8b83a3-MXP
alt-svc: h3=":443"; ma=86400
content-length: 77160

GET
H3 200 poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 384ms
384ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 680
etag: "1ee0-5fe4d56c8f861"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OWJtrFuucIDlt0E%2FIasA%2FwkSO0F%2BbMJBpAu8X5wLQhUVLBPk70tx7KfjS1CpjWKxL3BwIvTJrV65i22iMY7Fjc3fzrZWsFm1XuGKYNCZoUuIjgvEabkA3Ndhx9rtzW8Ce00s5qB"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 85852a0a0f8e83a3-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7904

GET
H3 200 poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 8 KB
8 KB 386ms
386ms Font
font/woff2 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.file-upload.org
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:24 GMT
cf-cache-status: HIT
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5077
etag: "1ecc-5fe4d56c90801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWRZStIPBYfSCSXCPNvofN4OOPKN%2BHqorvzbYgma8AwPC9HHWXPhya7tAX7bQH99ChQvudXDl%2FfptiT4dCGq8PZ3lsS1gPZoI9UiuutXHQYpk3cEiDAd1Xbbbn%2FCYoFq1cL0BG8q"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 85852a0a0f9083a3-MXP
alt-svc: h3=":443"; ma=86400
content-length: 7884

GET
H3

200

app.css
www.file-upload.org/mngez/css/
Redirect Chain

https://www.file-upload.com/mngez/css/app.css?v=1
https://www.file-upload.org/mngez/css/app.css?v=1

247 KB
41 KB

139ms
138ms

Stylesheet
text/css

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/css/app.css?v=1
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1444017
alt-svc: h3=":443"; ma=86400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: W/"3dcf1-5fe4d56ca6b7a-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OZvM7hLPAaEuUcFr%2FEiQKGoBO85A%2BHCZZ1XUNniQGCgYcRKW%2FHIBZH27a3YdLVSjO4GxZGtGlxbW6DiFFYePlXFA1uJkuM1qq7%2FcXla4qqN54Is5zNa0ZL1b7HtfcWqSQlubc9ZL"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2692000
cf-ray: 85852a0e3d5483a3-MXP
expires: Sun, 04 Feb 2024 14:44:28 GMT

Redirect headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 409
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hobSvpY6qXaw79puPH22QTzSlw0yTCYNHCbEGRt61tkc8wjnM7yPAt6R422w75%2BquDWCsptXF0%2Bb82Ay7KMQ9kfWlMt2eUIdX8ANSpJXhSD%2BAyAn2EszfTnfoYz5LcD02Olaz57l"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/css/app.css?v=1
cache-control: max-age=31536000
cf-ray: 85852a0d5fb783a8-MXP
alt-svc: h3=":443"; ma=86400

GET
H3

200

logo_new.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/logo_new.png
https://www.file-upload.org/assets/images/logo_new.png

3 KB
4 KB

156ms
156ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/logo_new.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7008952
alt-svc: h3=":443"; ma=86400
content-length: 3215
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "c8f-5fe4d56f9b8f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dAcCJLRMPFqC%2FzeoKfFMMUa2zybTaTK5r4xicfF0ion3csAYauZODX7Ig2zAwibngntqzGIiMCPMSBS67xzF6tmOFAAImoD%2BuhPy3ay9SyNXIVqKl26%2BggAbcudC8FsisfdAfvbu"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a0e2d4583a3-MXP
expires: Fri, 08 Dec 2023 04:55:33 GMT

Redirect headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 920
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSRBvDkx%2FqdXW%2F5SP03wiPvsJu1EToVWjx%2F2bn12Zx75blxqzCrj8l4NADw14Y4p6y2xU5Ea46uSD0C1wQVWc4TsUFk7zB6dLe9IcFWK6gqfc%2BgzpBmxikpxl3EHzAFKvS49W15N"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/logo_new.png
cache-control: max-age=31536000
cf-ray: 85852a0d5fba83a8-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 email-decode.min.js Show response
www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 112ms
111ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/file.php?get=gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Feb 2024 18:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65cbb0fd-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fsquvcoFYHMiBQFfhG6ODAOTKaU%2B7LOfj3i044oTPESVSqOWSDzgqSV9vpfm%2F06AiqkYTDKSIo3%2FESTS805Kd7bMuTxslpPMB6FX%2FtdRASTmdnGpzrh8IzGMkQ2XhPvD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 85852a0d5c76839d-MXP
expires: Thu, 22 Feb 2024 07:51:25 GMT

GET
H3

200

anti1.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti1.png
https://www.file-upload.org/mngez/images/anti1.png

19 KB
19 KB

134ms
134ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti1.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7105460
alt-svc: h3=":443"; ma=86400
content-length: 19118
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "4aae-5fe4d56c96d92"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AX%2BUf8wmZBy4YOe8CyDgQ5jU%2Fc7zpo3dFa3Rb%2BW%2FFcmahYmMRS%2BfhpGri89imeRXeIoxWKjVVcH%2F%2Bltnw79pYaWQm62CY3mfZd9GjbqDIyMLcF8T4hwfXpWVO9iShBc6slKgOzyT"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a0e4d6a83a3-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

Redirect headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 920
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bBLLY2k0M%2FhIpC95GWLFrrd%2FuDQGxYx2V1qmc2b8LfjK0%2FcPYoUNwreBMtolU0i%2FTfQRXpr%2F7IFBu9Yb9vnFYZSuSZKpufibpglk%2BAE2WBS2%2FQkiZo24v%2F5GW0vKlLbNIXXBNjvX"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti1.png
cache-control: max-age=31536000
cf-ray: 85852a0d7fe383a8-MXP
alt-svc: h3=":443"; ma=86400

GET
H3

200

anti2.png
www.file-upload.org/mngez/images/
Redirect Chain

https://www.file-upload.com/mngez/images/anti2.png
https://www.file-upload.org/mngez/images/anti2.png

641 B
1 KB

134ms
133ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/anti2.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8923837
alt-svc: h3=":443"; ma=86400
content-length: 641
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "281-5fe4d56c988ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xqC%2FBv%2Fs8X6JB0ipnImZ4TC1F7ULE8A%2F1r371IjRHpopWVnLtR7HSR5hBKQMvO5Y62nd0FMuuvx7YAiuS8vqYcQHWt6oi6%2FLIuKoX03QxX5TZImS3rj8hc5eqXwElke%2BzNCxSic"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a0e4d7a83a3-MXP
expires: Thu, 16 Nov 2023 01:00:48 GMT

Redirect headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 920
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GozV9OVFAK%2F2kJ6ETaoUz1WqNpZn4XyhuLyynlLqYGlg5tWvON9fP%2Bc99vrOteDfj%2BZQVVNZ9gZvsZ1qHr7uTKoLXt979yjuu6%2BZBlrv6URlpgHyeEh2PlgFhm7g5nAMWmLkc7Nb"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/images/anti2.png
cache-control: max-age=31536000
cf-ray: 85852a0d7fe783a8-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 _dmca_premi_badge_4.png
images.dmca.com/Badges/ 4 KB
5 KB 123ms
122ms Image
image/png 169.150.247.38
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.38 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-38.bunnyinfra.net
Software: BunnyCDN-DE1-1081 / ASP.NET
Resource Hash: 0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cdn-edgestorageid: 1080
x-powered-by: ASP.NET
cdn-cachedat: 10/31/2023 19:00:16
cdn-pullzone: 1574055
content-length: 4535
last-modified: Thu, 02 Jun 2011 03:26:26 GMT
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: "0abbdbd420cc1:0"
content-type: image/png
cdn-cache: HIT
cdn-uid: c136c664-112d-4533-8247-f90f6849ab39
cache-control: public, max-age=31536000
cdn-requestid: 742e6a83598fc99a95a8dde455d9409e
accept-ranges: bytes
cdn-requestcountrycode: IL
link: <https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3

200

norton.png
www.file-upload.org/assets/images/
Redirect Chain

https://www.file-upload.com/assets/images/norton.png
https://www.file-upload.org/assets/images/norton.png

5 KB
5 KB

133ms
133ms

Image
image/png

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/assets/images/norton.png
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7105460
alt-svc: h3=":443"; ma=86400
content-length: 4963
last-modified: Sat, 17 Jun 2023 06:23:28 GMT
server: cloudflare
etag: "1363-5fe4d56f95368"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DxOSdHEbdEx9d4YjbA%2F8cco8uGrr02FD6EWtJrtD2%2FQGvqaCe8XKKbelPGsrxVjbgOGsqJ5PJPH8Wspk%2FNr3ev9U7Y3hVr9IIUrvQUXB5P6y6UHTKmZtw5S4Xv1YGnftKSU2QSuw"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a0e4d6f83a3-MXP
expires: Thu, 07 Dec 2023 02:07:05 GMT

Redirect headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 920
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kgMp3dIw4M6c5YKC4zh0y0d8Ak8Ifpb1APaoGZ%2FfG9gZDWyf7hlmQiZpBsAsBTsamVkzB2a1V14Xck4mPyeg74GwNbnED9kzM%2FXZ4uoTAYtZxXwNbrm%2FTH2igYJPajm8MjypAMoL"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/assets/images/norton.png
cache-control: max-age=31536000
cf-ray: 85852a0d7fea83a8-MXP
alt-svc: h3=":443"; ma=86400

GET
H2 200 rocket-loader.min.js Show response
www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 112ms
112ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/file.php?get=gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Feb 2024 18:12:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65cbb0fd-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOiBM63q7ZMV%2BjLkrNKb2ZLv68TFBymM3oGlByrvLP3Nt9UfX976DWL37zUzT6JCGMt%2BAwfj%2BAFhfUSrHlKxQVI6TScyJTCGieaiYBj2rBlq%2F9kFICOo6U0ezY3TO52G"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 85852a0d7ca1839d-MXP
expires: Thu, 22 Feb 2024 07:51:25 GMT

GET
H3 200 flags.png
www.file-upload.org/mngez/images/ 15 KB
15 KB 134ms
133ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8819108
alt-svc: h3=":443"; ma=86400
content-length: 15022
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "3aae-5fe4d56c9bbb2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z4atLPfzAHU4NCzrwg9E2CHiSHfyW4Jyu0YAFf0Bt3lvpwLetiVYxyT54GvvIJ2maOG91HwvdX7WAQ2hVdp%2BViqxEd8bk29d30yR2Ur0Ddi40zLAWwB71kavI%2BcuSQIlpoCe8%2BmH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a0f2e7183a3-MXP
expires: Fri, 17 Nov 2023 06:06:17 GMT

GET fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 0
0

GET poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/ 0
0

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
51 KB 406ms
163ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

df64f6c124834e3389fa3839270ebf025d2a2880227a82b64bd0a44ddc58233d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51569
x-xss-protection: 0
server: cafe
etag: 6665881311408166741
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 20 Feb 2024 07:51:25 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 357ms
114ms Script
text/javascript 172.217.16.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f10.1e100.net

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 17:34:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 396991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Feb 2025 17:34:54 GMT

GET
H3

200

app.js Show response
www.file-upload.org/mngez/js/
Redirect Chain

https://www.file-upload.com/mngez/js/app.js?v=20
https://www.file-upload.org/mngez/js/app.js?v=20

235 KB
80 KB

197ms
197ms

Script
application/javascript

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/js/app.js?v=20
Requested by: Host: www.babup.com
URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4
Protocol: H3
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"3aa0d-5fe4d56c9e2c2-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DXPVOdbQMz7z2DHfqzHmDY%2BzvYtHHavcvyiJQPeNT4l30mMnPokD%2FPXniM1mthhuEoHarxFHuuuAjA36OVyEpT%2FlF%2B3jWZx6AVx62swleAmxAnl4h%2Fc1%2FtV9p0C63WaLymk8nW31"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2692000, private
cf-ray: 85852a103fcd83a3-MXP
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 339
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyqW8YR0imoyUnpdLxtEe3i7Yx7%2FxclNde9fMWWs2KkIj3iw2vu9l3JmiMcOQcxrou8wXzsNTCrdAtzXoEfIivcjEM9ubmQnOuYGQJsGZ7yHX56d%2FF24pWFBF9sD5iKMf2sgrfuV"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://www.file-upload.org/mngez/js/app.js?v=20
cache-control: max-age=31536000
cf-ray: 85852a0f5ad30e3f-MXP
alt-svc: h3=":443"; ma=86400

GET atrk.js
certify-js.alexametrics.com/ 0
0

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 350ms
114ms Script
text/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Feb 2024 05:54:57 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6988
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Tue, 20 Feb 2024 07:54:57 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 334ms
110ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

f27f803cb1f9a3691da9a391ddb754b9872f8cdecd4a8ee3918183f3723fe9d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Feb 2024 07:51:25 GMT
content-md5: 4cNTt2BdMuMh+qv7iT9pUQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: /ElfJD/lsaQGe0Z1C5UX8HnQG+k1DokHeXgQOilup5wSdR4eMDLl/Xsl5cO4W/TkRo4P4Doy3OT/7qi2kbu+OA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: a2e2e774fbe615d90acab0d301164dd7
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "38d3e8a8fc48d8ffdf8a02eb40ff33d7"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Tue, 20 Feb 2024 08:01:23 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 303 KB
88 KB 333ms
109ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

fb6761fb36c9f0fb07407410bbc01201a11e7835ff539f930882574d4b98e43e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Feb 2024 07:51:25 GMT
content-md5: /Y2lf10QIOoJKchuR205Fg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88667
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: slgc2xfB2lofIUocnxCl3Dx/oQ/cpsAnOvPyNvXAIvEwCwH3NnpcFbZEnrJx1nZlE1WthRU+H0JXF+QGlSp/GQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 29b7f9f05bf35a90afa0b236624325e6
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "14a72950f4d4e429bfdbb0eda346f2d7"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), display-capture=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 13 Feb 2025 17:16:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 191 KB
70 KB 374ms
128ms Script
application/javascript 172.217.18.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

5d9f40b307cbe50c44c2e348601f39e06cbd8130bdff0ea2543f0556909364e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70838
x-xss-protection: 0
last-modified: Tue, 20 Feb 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Feb 2024 07:51:25 GMT

GET
H3 200 blockadblock.js Show response
www.babup.com/ 6 KB
2 KB 118ms
118ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.babup.com/blockadblock.js
Requested by: Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/file.php?get=gxbzwmkj6mv4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2346
cf-polished: origSize=6947
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 22 Aug 2023 10:11:48 GMT
server: cloudflare
etag: W/"1b23-6038039110a59-gzip"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=priC2fqPt5wGd5wFenmiGMbDoFKZie5z9pC3f3A5IP3JuVchra9QySWTllUW4gRMi55iN9ZjAMX8mhEaMGq4812beynF%2FKK1HTsNCRkhljoiy5Apk46Igsc2egWuTgVI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 85852a0f58bc3759-MXP

GET
H3 200 poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 241ms
239ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4464869
alt-svc: h3=":443"; ma=86400
content-length: 10420
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28b4-5fe4d56c94299"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8UeaW%2FQer70Q3Vq1N1RAhg3Z6CZ5%2FMRR7crDiZ1oRKx512RiWbkGNoV%2BE4MAOJ0OSyoZ6nhIEkb5drdcxrP2%2BHmgBE8o119zLE7idHfQcBo%2FawLYmAihmW3RTRopW0M9vKMCSjTS"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a10dede0dff-MXP

GET
H3 200 poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/ 10 KB
11 KB 242ms
242ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4464869
alt-svc: h3=":443"; ma=86400
content-length: 10400
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "28a0-5fe4d56c936e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQl3ZJ%2BiJEUmpAvW5WstkLDTKgWNKqDkEtO9i%2FiYCQ6w4yj%2B8rxQ4c2mP7J1nCeOa2Ttmf6ArcypiAsSOcKuGHf%2BCOxI6XgFdyDryIy9kVlb%2F5dy2PBMMFSibO2A2YfmRzlTZ8IJ"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a10eee80dff-MXP

GET
H3 200 fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/ 96 KB
96 KB 140ms
139ms Font
font/woff 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by: Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer: https://www.file-upload.org/mngez/css/app.css?v=1
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4464869
alt-svc: h3=":443"; ma=86400
content-length: 98024
last-modified: Sat, 17 Jun 2023 06:23:25 GMT
server: cloudflare
etag: "17ee8-5fe4d56c8f479"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Vszmutyumle2VcdJznNqhxIejSCgkz8W7aPPGBw4m0OZzdHRjnubf9A5BNtyHsN0FeZ%2FOolg4%2FPaPYX2XE9aVGk9ouZwpzpAHqK5SxtBxefZb5ROgtwZDWpVDvPTyXvlgLYa1dw"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 85852a118fd20dff-MXP

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/ 407 KB
138 KB 400ms
172ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

d160d8d2c86d0352669c8adba3c48554e2ca62f3f19fe6acf1128773cc931c05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141269
x-xss-protection: 0
server: cafe
etag: 5978201100336781805
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 07:51:26 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240215/r20190131/ Frame 799C 9 KB
5 KB 357ms
115ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240215/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 2202
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:14:44 GMT
etag: 3890843268177463596
expires: Tue, 05 Mar 2024 07:14:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
81 KB 127ms
127ms Script
application/javascript 172.217.18.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e4b16276c4587cd936631604517b0fbd6be02877418445ae5ae42e25cb8ece40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83146
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 20 Feb 2024 07:51:26 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 386ms
113ms Script
text/javascript 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 20 Feb 2024 07:30:40 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1246
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 20 Feb 2024 09:30:40 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
50 KB 162ms
161ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Requested by

Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

7cf0f0c633ae481804aeef3e87bf5955c55c7988f77e8f101d01981b794bdc4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Origin: https://www.babup.com
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51565
x-xss-protection: 0
server: cafe
etag: 15862713038857933664
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 20 Feb 2024 07:51:26 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
170 B 139ms
138ms Ping
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je42e0v9114416819za200&_p=1708415485977&gcd=13l3l3l3l1&npa=0&dma=0&cid=1213527405.1708415486&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1708415486&sct=1&seg=0&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1889
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
91 B 122ms
121ms XHR
text/plain 142.250.185.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=113298300&t=pageview&_s=1&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1066975859&gjid=795181356&cid=1213527405.1708415486&tid=UA-119779859-1&_gid=172799496.1708415486&_r=1&gtm=457e42e0za200&gcd=13l3l3l3l1&dma=0&jsscut=1&z=731542418

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.babup.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F041 579 KB
112 KB 907ms
906ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1708415486&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~16~20&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415485949&bpp=10&bdt=990&idt=683&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4392057235031&frm=20&pv=2&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=714

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

b0aaf31cfa43bd5ebc3969c2ab627a26e3b0d94eb5c9e9b08f2d41ded339d00a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 114756
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:27 GMT
expires: Tue, 20 Feb 2024 07:51:27 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 158ms
158ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240215&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

d7500501bbecebe29bdcdca5b2dee498986b09dde3dee7540ac73b6d37499ea7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12381
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BBEC 86 KB
28 KB 705ms
704ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

03fd4e0f5af4bb78efd48c23c0b4c10cf5540c763d44edd6c5ef50e2e361d3b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 28104
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:27 GMT
expires: Tue, 20 Feb 2024 07:51:27 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7C71 86 KB
28 KB 533ms
532ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486030&bpp=1&bdt=1071&idt=654&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=658

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

c3041f1efdd068a183d11ad2be6e7804bfe4fd11a6ffbf3c8de0657c8c044d6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 28093
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:27 GMT
expires: Tue, 20 Feb 2024 07:51:27 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 50D1 841 B
626 B 354ms
353ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486032&bpp=1&bdt=1072&idt=666&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=669

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

2a12edc6ec3fd87045c1a1c9947c48ccd02164ed45b3f12edd1eec940c761bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 405
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:26 GMT
expires: Tue, 20 Feb 2024 07:51:26 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 410ms
160ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 20 Feb 2024 07:51:27 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 7C71 23 KB
9 KB 114ms
112ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486030&bpp=1&bdt=1071&idt=654&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=658

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7C71 9 KB
1 KB 369ms
129ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

d3f4104957e76483acba4180738253208fd8d4d81c64931244860514af502b82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Feb 2024 07:51:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Feb 2024 07:37:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Feb 2024 07:51:27 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/ Frame 7C71 15 KB
3 KB 360ms
117ms Stylesheet
text/css 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 13:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 498295
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2939
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 11:56:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Feb 2025 13:26:32 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/ Frame 7C71 379 KB
132 KB 365ms
123ms Script
text/javascript 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

58c7b6bffabba04d72d8077b9efcfb4f7a6478b9e66c5b07a3a32e3cda3b1877

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 13:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 498295
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134674
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 11:56:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Feb 2025 13:26:32 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 93FD 13 KB
5 KB 117ms
115ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

accept-ranges: bytes
age: 69765
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 19 Feb 2024 12:28:42 GMT
expires: Tue, 18 Feb 2025 12:28:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4EC1 829 B
1 KB 367ms
123ms Document
text/html 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f4.1e100.net

Software

GSE /

Resource Hash

58aa3dcc78b117e68fda2e9d89705dfa9bad10b5041c95cb141bea1f8672f1e2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3xAsdSFUeAQdCiWePz8SYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-3xAsdSFUeAQdCiWePz8SYA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:27 GMT
expires: Tue, 20 Feb 2024 07:51:27 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 7C71 20 KB
8 KB 114ms
113ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53526
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 16:59:21 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame BBEC 23 KB
9 KB 116ms
112ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77806
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BBEC 9 KB
846 B 162ms
131ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

d3f4104957e76483acba4180738253208fd8d4d81c64931244860514af502b82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Feb 2024 07:51:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Feb 2024 06:56:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Feb 2024 07:51:27 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/ Frame BBEC 15 KB
3 KB 155ms
120ms Stylesheet
text/css 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 13:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 498295
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2939
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 11:56:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Feb 2025 13:26:32 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/ Frame BBEC 379 KB
132 KB 242ms
208ms Script
text/javascript 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

58c7b6bffabba04d72d8077b9efcfb4f7a6478b9e66c5b07a3a32e3cda3b1877

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 13:26:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 498295
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134674
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 11:56:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Feb 2025 13:26:32 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame BBEC 20 KB
8 KB 122ms
121ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53526
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 16:59:21 GMT

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 93FD 39 KB
15 KB 114ms
113ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:13:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77863
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Feb 2025 10:13:44 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/ 165 KB
56 KB 156ms
156ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/reactive_library_fy2021.js?bust=31081219

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f837509cbb7ce626d0a03a099f9a018ee980e4dd8c76b6ae2fbf6c4df76f83c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57040
x-xss-protection: 0
server: cafe
etag: 3552714620642225961
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 07:51:27 GMT

GET
H2 200 ca-pub-9176521898341909 Show response
fundingchoicesmessages.google.com/i/ 182 KB
61 KB 410ms
143ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-9176521898341909?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

56c2a189b6dcdebf08b55d1394433c5a580f7b89e3abe02415d37f9e017a894b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-08PN3ErjYAk01VNOei3gww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-08PN3ErjYAk01VNOei3gww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjmsKoxSXF4K0hxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIW6Ohi0X17EJvJh8yAYAmYBD7w"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/ 90 KB
31 KB 176ms
176ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/slotcar_library_fy2021.js?bust=31081219

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

357deeea18950b1ea4106557c3c32a1607e624d7723c98091a6574ce1ae51528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32119
x-xss-protection: 0
server: cafe
etag: 14318367600337871423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 07:51:27 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4EC1 0
0 162ms
161ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240215&jk=2089597695575073&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame 7C71 0
54 B 698ms
232ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lsu2gz1q&c=7910007095899&slotId=3955003547949.5&qqid=CM_w4tG3uYQDFYOg7AodGHoNNw&fb=outstream-lima&sei=44752538%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7C71 15 KB
16 KB 452ms
215ms Font
font/woff2 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f3.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:49:41 GMT
x-content-type-options: nosniff
age: 601307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:49:41 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7C71 15 KB
16 KB 349ms
112ms Font
font/woff2 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:51:30 GMT
x-content-type-options: nosniff
age: 601198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:51:30 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7C71 0
20 B 145ms
144ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CoFvW_lnUZc_5MoPBsgeY9LW4A_v_8MR1rLStnPkR5KyMosQ9EAEggrq4fGD5uvSDnBCgAf_xp9wpyAEFqQKwgvbm93iSPqgDAcgDmwSqBOoBT9DOgjuA5-oNMAlpTYDWt9bNumpOoNJvI64mCo_lJnQV4NVisBz11MsjDH7c-lF3xWDliLhxWNy9iT-cV3_fBswJs8DmTi4KLc358mNDOsVM6S9c-JGZJnUIrW95qUqV9aoK-EguHTvbguPKcH2ASE1m99L6_PGTepsEOyzNmukEI4fnu4UPY7mXnqAvHQ9lZZ-4x_EQrr8uZbh2yUwV2TIOA6VvBTNaLFpr_VhML44Pi5xrJ8xCRQvvP1SuSTtZfWHg48HPquc-29FCZNBrxsZRzhGdjgcfuj5iSmzcKfHRP6li2CxJwaNAwASGwZv_vATgBAOIBf283bZLkAYBoAZ2gAf_qfi7BKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY0ZDe0be5hAOACgHICwHgCwGADAGqDQJJTLATuJ-5FsgTnaKV4wPYEwqIFAjYFAHQFQH4FgGAFwHoFwU&eventType=clickstring&clientTime=1708415487875&ai=CoFvW_lnUZc_5MoPBsgeY9LW4A_v_8MR1rLStnPkR5KyMosQ9EAEggrq4fGD5uvSDnBCgAf_xp9wpyAEFqQKwgvbm93iSPqgDAcgDmwSqBOoBT9DOgjuA5-oNMAlpTYDWt9bNumpOoNJvI64mCo_lJnQV4NVisBz11MsjDH7c-lF3xWDliLhxWNy9iT-cV3_fBswJs8DmTi4KLc358mNDOsVM6S9c-JGZJnUIrW95qUqV9aoK-EguHTvbguPKcH2ASE1m99L6_PGTepsEOyzNmukEI4fnu4UPY7mXnqAvHQ9lZZ-4x_EQrr8uZbh2yUwV2TIOA6VvBTNaLFpr_VhML44Pi5xrJ8xCRQvvP1SuSTtZfWHg48HPquc-29FCZNBrxsZRzhGdjgcfuj5iSmzcKfHRP6li2CxJwaNAwASGwZv_vATgBAOIBf283bZLkAYBoAZ2gAf_qfi7BKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY0ZDe0be5hAOACgHICwHgCwGADAGqDQJJTLATuJ-5FsgTnaKV4wPYEwqIFAjYFAHQFQH4FgGAFwHoFwU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 7C71 0
45 B 681ms
233ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lsu2gz2d&c=7910007095899&slotId=3955003547949.5&qqid=CM_w4tG3uYQDFYOg7AodGHoNNw&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.xe&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 7C71 32 KB
18 KB 410ms
172ms XHR
text/xml 64.233.166.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-B7EixDgxGjdenj2DXbPonOP5qsQaJc9ztmTnhHKKXl2QHW-Oso8d-x6uf-8YAr9VLvzVn_UrRDuJJGfIIyDn6HQILYZg&cry=1&dbm_d=AKAmf-CEWj7WxVZVRmTuXYFksFNtHy1TIGKm9dPXiiV7lLw3nnj9x_wEG91_-rBcF-b6kLJTwBtrXXu73sh1WJ7Wutz94raIfpIRJiUiArkl-t4A4k3LjdsrmJmKZ5q9dxVNYZQKHnnAMXG0E1besS694svVnFp3OboKa39687SjweNxJyC6FAOkexLS74YKSTGNxHJ59wyzEjSeSWJESkhXmWITtmTuTUkFwVHCntlGDmTix_r4VryvRGVxOUxIFh1s3Veen-3GsffR-bdBSB4rTfIPaSnsGOA8yeBAeHrLMoG5LC2pfHwtsFewkfl9YI2hUkEHyDE1jOgTeLrDJBzqRGmPoENFsC_fcN7LqxbYjxp_lLf-_qEU0KzjUyDAVCdw-nofLA2k_qk3udIpZEyB1QRQPW-5J-cGK_itiOE6j7pXY4bNSKxjHo0IN_Tho3k1RAbSRyevYD8DbRq-QSbG3aUHsYkdd_kbDyXfw4dJy7BIYVN7_F0pR2OyaAE16X_ZFUE063Syz5SoQkLQeuxFNo-zenQYeYeJNglO3ttixaqlmQQ_dXsUxlLoMzYwlMFnMel5Z1geDopu-EuE5r37vkB9kVPx-jkJhSrLJWkhj_FJT6S05zJo3lcZPfkuHnz3oXmb1_doK3NwTr84Zwyf0cEC7tnblrvXEdpbmGASCzNgZ50-mXxwkEbk7UzXYj1nUp-FjJq2V6cqep_nAzdyonF8RYZt3p-tIvQbPKmVsDwyoV2ryo9NNDJ0jPocZbj7mTOL3t2MhzVuZZkdkSzlXoVECiqqEcgD3ogrkN85PEBQasP7iRr416kpCGg03H0ZghJ66gYJwki9DBH0Or8_Bs_wGAGHM2ntsydYZKNDhxXUBbHD642ip-vCHwtwpPztMMFVFXBWsEC1UpJBV-ORyUvXU7ejU9jmzSyOxTj6gJHJQmRu5oY2CplI1rksHAeuJk0GjfjXRXeOjaXxyiKRzreG4spJbcwsz8EZyNv8gecMkVU0KXBUvxjGDo9SXvapzWjB8JqNZD-BmBV6oNG_OFZlrmOAJ3_3eEQWkpgjm2jkNEEq-m2qm_o9YI5En3TkINbfYt-ZiU2ILAJslYbCrP1Wr0VW59eLvwuFmVgYCSGDWHiwE6AAx7P6MAP7Sz1o_YiWQ93a8Ay09VtIelZebuOemca8C6_E3rC62wDZMPuVaVr8Sb4Tmcp7vZAf5YaLX-_cIdQRSPjqdtZPwAWTl86LuCRLjj0pT6Nqxin0RtcO8qPwCMiv427LbdSz2PhxUPs1aQkXIfvhM0iZ5MIA4AVZAEKtwEoqomR2ceLxXypJQ_zDnYKT5C56YuT8ugkjAb1cJrL163RdTP9iY-TPkGwMi0UDSUT44fgC02UoNf5DlisSHE4mdtEYkfddBChxxSRPWF14_xasLNl5qY3JDVzEjPZqY981as_I07GedEW5K50cIWft2hFcUKmeDXsDiRq7B2Q8zrI2L4VLwm1qanl-TMOz8Q09uSNwmpLi7-LErvX1pxprR6j2gxdsAmGHc1PpOqMAMrRTSX6lfPaU5GkNxuShrkSK98bevqoXrgf7C4ONmCoUoTFQNxQVlETyH1q4Tc-7_udYrUYm7WXvWLqkzZ2W3Hgw9T_AllqqoFiQAQA8_-V_akQA1pbS0Wa6HfbyA2lmEQaMPxmLyym7MCVqCQER9CWOvf2VOTeK6YDNtSwnwFxXRNLRQgoraPMPp4LiVhiD7QGxhQYHALg9YbbtnRVgurXRMspqmb1S5YQMd0nEqQWcr5fhbnVZnYxc8KKPqeMU9EvMhv5gAMwCQlzacAR6QkRe61HUv5If64gn7oQjVBPY-7wfsrvTi44mRoTe3xP5A7_WCGKIrza42lyKhQqk0efs8XXyX_OtWO2CHYlSPDaowZllkNTANOUieP55HeIlhCqq4M3nXjjt0-A97yTPifM394lcotnVUWcYN9siLdMUhPyOdPDtP54B_SMWUb99P8FlXzHOQv0XKQcNSOxV_bLCzuNXeQCaKQy1NJRfWIo_uy3HHXYBKYvHg_HPtbozRJcB9OWy5g9-Ncj91rjMLruJtfLB8kB1XZ1XG2dBuiQVajylzGGTzSAaHB-M8Au10XPwIP1QV6tLqv89KhC-m-H6fa7VlZv4t58rFqASIRt3dkVIeKQcKESSvyYBzyTnW3Sc60cuvFRkjlUBvwE56sRLXNsblHzFpSgUMa6Y4swwMpwQkKkFTKwo7FQb4kYjhcIU9clblWU-Bubogaz8sl8-UAiP3_QKWTyIEjJED7SBsb9KwCRjwoA7whMeEp8A9kzYXjkRZXENv0NDbZsAP1FseqMm5lDuMnPvzy4BLx-4ddsDakb-ToCI4BICmKtpzX-pWvu8eI8_BFiDLYi_3SGoc1uND80-8Pwv8tjDr-x4W-RteGVboUl5bkFIJCH1I3ibiAzypwZcdB0kyIVfEDX-VU6Un8la9Fp-SAkIxVNtgEqnXm_B0UifXG9-yILwEf_FOttIAFsPc6oW7vutnvW41CvzLkFd9KMwtDQ7oYdsp6y8BPrWNzzu7hTkZqevRS38rXn4mRiMpiyuyGZRB-DZ8B6DqZ1Tb9hM_iKS0hfjr1pV2czBMMxeFo5d-rBd2NNSQ7mBP-C6Z7QR727qI2scOtl2j_qHgSBuTjdBlgIeRtrM0wiBs-eVLAxF4vadgMf-T6Zhoq7BA7W8E5d_BRVtBH136stpyeJKkmTbsGEzU1VwZsQmmkovKvJl5iwzCfIJbTxfF51PD2zjI2cuPRA4DrRwgg1pIzTxgxGtb32eCytYziwNZrnyjXrfkGj_DSkoGFTrTy6MeUIEeYnlIdGVAO4O0u5SXVHGxLo6kLLwFeTYhI4OyPNcyDkQJEugFayF-NJSGok0M52Tg7XlScYOFkQ_N1OBTIwCIN4VySqPn0AMjaQtnJ1s0BH2JUSXxgtck2osc_F5jDcTb4kmR6rYK3pG2GZlFbKYdje0evbArk8MYsSQS_EbUBtw7acud4usmLMq8_KORU-wS4n-SHGdO2bVVg6ZYltqZF7KD0LPWMb5UCjO63ITCC1NZayJv_xV4skOpv7ORtuQAcvCDyHPpelSMi04TxPZgBBWH5T2CYrPoC6wdXRrltjyMdyXcYOhmhmlwAuqGcNCDCrrX61eEw7zRs7lnq6d1r8kDwlJcbFaQXMeH9jhYPcJfA8foUdern398jQpmXmGE8FypYgYjgO0NgkYp7mxaVtCFPhGQmWr3g8kJKYVkkWpVhebV0hXT9Wh1bLV4My2mTNbRRGZ1Pv2w_te8USg93nxEtkygg_uyzJyya4LZEP3qNZ-5SdqLjuiGRzVAK8A4st1c77XxQwfJu2Es3e_stumj2Ui_81BlmdfKfn5pk4P5spTXZlnjS8J-D_4trOpixaxZI71TIerqsGFMOqrkvijNe7OfLU2J9bfcGUuN4fEi5N4klruiQhWCY85d2fnipZPWF6N5kb9AL2Tx4ifjKsWJ4nUe4nqh7OYBXKty43Bace9TcmMclGkCGwCyxCdgsHIV77Kafa9No8Bp4PxZkyi41_kf-PlrqMbbMp78Ysd4Vw-YmtH18IaDpIYgj6aQ8AhAHQrP1Y3_GI6ERr6wdi2aBre-POwRb6_HmbTZzhqdl7Q2nyu7J6-Xs1XvitqFmKss1mMeTCO_2DzTIV9gipqJwtii8cxD7854aoR1Fh4GxV_HHIX7hMkpWOGQ8CuYTlW79j7woOFUekcu1E6yP8cn7hQny17g8Sgrf91LNB3yU75s9paZ92iRV4aDvXDoodqc2PbaJI1Gb2r7yaUurgAJIAdkWvvDN6tc4Xum1HXRU7n&cid=CAQSTgAvHhf_OUW7x9b2Ll24MyWBNhHqMWZJHgO8fv9G2PKD4mxtZL9K84s1kYhgDq69efBO3DfT4TMMyhGirdsoAF7mfnI8eEbffM0XoUdVvxgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.166.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f155.1e100.net

Software

cafe /

Resource Hash

eabaecedae11d29e49159e596879f2c243163f361525f2d35f09c053788cf79b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17630
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame BBEC 0
54 B 661ms
232ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lsu2gz21&c=7638791893712&slotId=3819395946856&qqid=CJW14tG3uYQDFYwz-QAdNoQIvQ&fb=outstream-lima&sei=44752538%2C44776384%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BBEC 15 KB
16 KB 373ms
168ms Font
font/woff2 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f3.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:49:41 GMT
x-content-type-options: nosniff
age: 601307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:49:41 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame BBEC 15 KB
15 KB 397ms
194ms Font
font/woff2 142.250.186.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:51:30 GMT
x-content-type-options: nosniff
age: 601198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:51:30 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BBEC 0
20 B 145ms
144ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=Chvx8_lnUZZW-Mozn5LcPtoii6Av7__DEday0rZz5EeSsjKLEPRABIIK6uHxg-br0g5wQoAH_8afcKcgBBakCsIL25vd4kj6oAwHIA5sEqgTrAU_Qin2-xYiwe2SwQXYMuWmIopwDbTvboSikSfkbAtHK8MvpjWoCl66qbe-PFlo_irqW66-ejL2lsD-CUueZ0DV0HTTSz1Oh6JEiQ_2l_XtTO3EpzC-prWXF-3c9LUpm2qB7CoexmupmPOpS7FngEFMqLo6JE9O58ei5KZkCxfXOIxTbrpc2pICiTDYzLukhF85BzI47l2O9As8dnwxxQq7z_Li-XKAft3zInrHcgZutHHNnfrZGlPCvwxnjBGPL12Xrd9DuXN9Ohe2MJ8TGZFseKl1IKyx8IYg5CcUE0L2p_C8Bm-ESfOuv9CfABIbBm_-8BOAEA4gF_bzdtkuQBgGgBnaAB_-p-LsEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAtgHANIIJAiAYRABGB8yAooCOgmAQIDAgICAgAhIvf3BOljUv93Rt7mEA4AKAcgLAeALAYAMAaoNAklMsBO4n7kWyBOdopXjA9gTCogUCNgUAdAVAfgWAYAXAegXBQ&eventType=clickstring&clientTime=1708415487915&ai=Chvx8_lnUZZW-Mozn5LcPtoii6Av7__DEday0rZz5EeSsjKLEPRABIIK6uHxg-br0g5wQoAH_8afcKcgBBakCsIL25vd4kj6oAwHIA5sEqgTrAU_Qin2-xYiwe2SwQXYMuWmIopwDbTvboSikSfkbAtHK8MvpjWoCl66qbe-PFlo_irqW66-ejL2lsD-CUueZ0DV0HTTSz1Oh6JEiQ_2l_XtTO3EpzC-prWXF-3c9LUpm2qB7CoexmupmPOpS7FngEFMqLo6JE9O58ei5KZkCxfXOIxTbrpc2pICiTDYzLukhF85BzI47l2O9As8dnwxxQq7z_Li-XKAft3zInrHcgZutHHNnfrZGlPCvwxnjBGPL12Xrd9DuXN9Ohe2MJ8TGZFseKl1IKyx8IYg5CcUE0L2p_C8Bm-ESfOuv9CfABIbBm_-8BOAEA4gF_bzdtkuQBgGgBnaAB_-p-LsEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAtgHANIIJAiAYRABGB8yAooCOgmAQIDAgICAgAhIvf3BOljUv93Rt7mEA4AKAcgLAeALAYAMAaoNAklMsBO4n7kWyBOdopXjA9gTCogUCNgUAdAVAfgWAYAXAegXBQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame BBEC 0
45 B 648ms
232ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lsu2gz3g&c=7638791893712&slotId=3819395946856&qqid=CJW14tG3uYQDFYwz-QAdNoQIvQ&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.yn&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame BBEC 32 KB
18 KB 326ms
140ms XHR
text/xml 64.233.166.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-CTisE1kl_WDTo_GRCfOEeMMCVRlwLpX2nW4lOcSrW2W2mHKU0m--vSP1ATPCSmDeURRbyO6kh2cXPnAojHDUbNBSomAA&cry=1&dbm_d=AKAmf-CXcmKsfZb4KW9OYI55jPzNV1dynDTgoFsht3ZuXW72iBi3p-wqmzJJloNaOq6eeXuiL-O4BwsVR2LkePPKxw_VAO4C2mLvI9WffU9UtRFr_AXOX6KH-XhneXfA8AWM1sODIUdFIowuNjCjrAPy2TbvhuVv1oN7eg2BtbVSeDdLPcST62YC4up2AwWOKKyAxbgJkkQSBT3juR7C8kknk7fVNjxL82PnfxJW-YEltONkvg1VtAUyd7bjLo9_7FLjLJkZF4blN1lJVgvUJSlH8CYwGP3X5meAYY_97POZjhGEb4HczoZB9iDvdNzaI6m1JfDPcYzYD5U8yB32yVrWIwoYf-P5hOHQswAUwQS6Vd0NpCJkHIrnDktdO3-rIEtn1oXINECP4yEjbv4hb20n2HhYrkVD2PY-0wBfCvKIA4Zuhv7PsBw40hItxMNGPgaadY-bpCEPPVobciAxgjr6fETL37W9YcEqaex-DRlozJMuETkc5hGP3YhcpUwYsl3PlCXLInzzqo3aK_HDhZhvwZe3YuSbMtkeLh7d51y6RVrvwLk7xR4JPfxsysRMUruUY2VIfSjVBTxMTcJWMvGIt7xlCcjVPRDjlnlLJC8y-vFJB4_evln3o6GUshURu6pxySuwxKzS2J3KXFZSz34iz-JbLxxpHIprjZFAXBlw3YKQUWH7LbvReVIlVZqW-xaBKB1jYN8Si2XX7XbhGAArM3-fzeQlNOdwfRHTa-_2QkOBGGGnVqPn_3UkBeWBCi4RnUh-bhQhaXL8S4Q5GTegOaPMhvwwnzxk38atneclaWf3k9oXJauXnU6hI790ir4uaGaOTVd9W3-j0yYIWdPWilpGGlN7GiX4jKdk9o1oZLfflAz3C7i4Lrk9MxT1Hs3g5aQOPC35J9x1qFGIxoWR-AFoJihmBbkqYMEAV5m8425DIvPgvXNu0HGxNi88lEPZDlXX3bDI9MBXvCrPOD3i70V60zkZS7M6NAaglojAJDvJnxcykjXj-6M0euX4k42Kp67yq02-k1Oy6g0gjQio1RBXOyF2l3OoxX7pnHuSRUE2CwPeNGbfFVt9obHPXqyeMoIHxioikhPxI28g-tKw4kXTfRPZnYtVzmw5kJINxFLQSriS2AvbihiIEQ4MtC3e6zAgMWlIJRAc7ozieZE8LFuBExGfuZIBGINExIwr3HYvxd07LzizEgZJcvhljRv9CrgX3_hmDOcxp9NAbY7wh8pzmWz9qduBW1EmiZykhxcMW_wEQeTtpafi8DXAunwBCuJwhDFdgNlkhUdxZzWU_4uwBYaLRPBx255_BwkmSJfKVGutxWdPWqhbV2vIWy8ka0bIqMOp8DEUKfeawCH7baxDwcRjgwQx7ZWMviSq4yoYKhynBuNhGSE9KgMNvwGSbpV0s8ZOWxk1AxvOSACi-OzZFDJEtAyVN2m1qM4aQ9lHldBhVYCI-9XrnBcKrCn1GqxYMfzncjFAWS_W9wstRy8o_-ukKwo8jBZKo4Ng9H1G4n6T5dk5a8J3Ts_C_tTWzqViiNOOlqOj3O_9qwpI2sUvwafz02zt1bVvYXnhRu-EeRxx5bxf_jmPIES12UE3RPM6jcRN2sGSCGWoF0x0swTscyaqk4ajm4UuSGg13XHawBSu2vNp2UiK4tUAAPq1ueoC1I0yGJ4yF5_IOuUI0DyPfPoAlF66lJB7fodZpyFJ_BQEJRfOQD4hdnZiWnpJnJlwq0cXooaX0qqDs8JNY3NkgSW0hDpLfBlU2MoxKMS_1ZHUJukgOErVvvuhSVFdaroYYwEkVs12G9VCHSCBiVYPaG8YabNxnuCeVMMyTxLjbK298tb3OBoNp1PfQNFAtud7Sk9_58MuyZQHnZXT-p4_-maP0BhBcTlNPQflM2pMTL9c8b09pftUPNGbqSUd381tE-jDodQAd2oWOGjBlBbLdV5F_5m-60Vp6oJqcjIm6FUubNHt6Vx7_CtcOb2lNbanUexGYbetk-GiEEVYOOjzy62idLvSnX2Ste3op8JauLjVj5eGEJrj1QqmFObYn1-VHqLAXYzUimbhuNOXwHD9oWdLlGuLFJhTfZeZjodSnDODVIjDdZei80PO4r9PLAbXlwdOCMBoxaedN7qLnYUMlTaNFu4euhizQjQlW8oPGS0lM5Dd63kwd8Zk3JY5gU-pd5opztQK_qtnnco39p9p9jGf5ttqY-9qrSeIyRTvvRjq3tPBYWVQQbLcTTDr0ENqvshpvHr0Z2Pu6yY9g2I5tIheDCvF4LIH9icLQVoovM70HAqrjDqwXUEuzscVl9KWgd5at7D3Ux9p_3ktAsQG-0eJsy7Gf9w5U4a8J8cIjELPRLuQ5taYh25tt_mQugrGKrpApuu8x8jKH3TPjcoFtubET2Ln-bPFJmIkCVA2jHyaqldKsbBs_ByZZ_5YB4JlrY71sO-fYT9eLNyvxsK6mtGkECydM0K2-CMbJE_KJtxva0OLXl4cnuybi9whr3OlRP68QPk-evsl3LfAeOV-li2Pibi36Zf1-Dpgl_ylvW2t7BoEXuBBnQPtu3v7bQZ8qTFQ6OTxFNI5RjtSBT-eRQdydFbqZD5OaviKVhdDTyzznHZ6OZdJH8yhVAlEVKMAy9uq7hUzPHZ74LZmMe2X_gfmSQVzpEhuLyMNEmjFmQrVlKlFXng0GG7FWYFDzkNZYvgIIskemP-6A9w1uNyFKUGHwJ6IuGddWznahokUEEo1DfPwxgNDBu5fl0vKn9VOd7bvWGGgpHaI0l6E4nCz8UxSXjGdKrO7uzNpsTf8g3Qr-OsHDZHNK8vMW23KNxoTS9KoQFPOY-k6sY_hRWV_mMA2mcRd0Vvg1-HV9MKOFz1h7axY3eizPVI6N6KzR874JucA6DOz-s6INE7Oei2JUAOOq1jPoZmHW_4_W0FtV0GehHsIlHuOGK22qQsYId5TuVS-tvOf898oVAQ1USNMmwWqsOPdfLWmijkhY9_YfOs9pZRIqZJRMtPQoMsxlftLtOyV_J6gzE68qFZWdOQNEnx_tfEPimg70o69yCY2XgvUfuqB95QoU1TmJVd_YS3KJxJEgUNeFPEkygp-UNQBfPh3rB8UrQ0_cYxR1f5OVPbvwZL8u5DWFx2lSaVgwnHxgKx9Y7Hw-KphH6xVip8k38IJSLLVPQWMmGRFWhpaQRSEYiZNRMEE50UN0LPvWxeGRr8nshY4IWqV3Tgl4EMDAsSLen7hgP-rTrONMHN58wbuofm3OBiS3aYg-cREIuhw4E7CAngGGr4lhdFfvQF_M3i3xORYWVxPbwJ18ciU6Ia_K0hTetV5IZECx7xSk8TxJ31ZG-6NE_HEfdr3usoROit92fMPk1pvsy4r78zXKg3BYbr2IXLpMZ84zzwxyX2SxSESw1fVb7V3BHbfzTuSl4hW4t_aJ578W3-huAQaG1zrLu9Cz_MPOwmeIDx8QyLjqrI-H_IlOY330Pr5bRkcGxOjf-MynFvUp6jsf6BX_D71cqgi3wAc6R1tgTRTePGm1Ka5a4fVEB5yKn5lHimMljFQpXzb6uPXtHYptKhvqj8OAP6hyE78P2QdZEs4WmiyOLTo9jPczTXWVrycXDkUehuwZokUPlVXG2QznPvbM9uR8aCGVgTVtM43vmtkQvROx_qZXSmoqgKnTyqF8tKd-jpsZnt3xHFOckMQiYVx4lDqAzJ8CJfm0iZIF4CRob16kESx6B-qmrP6lnOmSlUYoNmL_5VpG40BirzdibvAx4xb0mSx06-QSZdeqjUVeNxj8p1EpPth_H7Q9BijoTeGq73zSwCPP0BC6Fy1T_fTGD-prJplzK5HIGHU5SxUfCdQLoZs&cid=CAQSTwAvHhf_YruNQ7AAP46NlXExhG19fbMIA9Liip9FuiwsqNLVD1wE6tGWg5hT5yPnIMJ1JE1dp4vI1ArS7FY2OC4OKIYjKR_7G-TiEzg-2HcYAQ&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.166.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f155.1e100.net

Software

cafe /

Resource Hash

a293858037c26780c417f84bbfd6f8a04cc62efb032d02cda106b285d1eaff96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17552
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame BBEC 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5703b76412c27612085e569f57b0b34c7789fb9e5e7d90d17c1cc029ac8a0ab9

Request headers

accept-language: he-IL,he;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7C71 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f817a5ef3f070ce44dc957dcb0579e6f14aa5aef2c51dd98edd9107fe4f0550

Request headers

accept-language: he-IL,he;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 93FD 0
10 B 114ms
114ms Image
text/plain 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?hFwwwQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 144ms
144ms Fetch
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 204 csi
csi.gstatic.com/ Frame BBEC 0
234 B 257ms
231ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lsu2gz3v&c=7638791893712&slotId=3819395946856&qqid=CJW14tG3uYQDFYwz-QAdNoQIvQ&fb=outstream-lima&vast_v=2.0&vmfc=10&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame BBEC 41 KB
15 KB 119ms
118ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 600683
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:00:05 GMT

HEAD
H/1.1

200
OK

file.mp4
r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame BBEC
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

238ms
60ms

Fetch
video/mp4

74.125.98.72

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/098B6DEA55DAB3FB219799BB39318E4446297E48.40D4A1538B79CDFFBDFCCC5CFA92164802775EA8/key/cms1/cms_redirect/yes/mh/g0/mip/31.187.78.102/mm/42/mn/sn-ua87zn7e/ms/onc/mt/1708414435/mv/u/mvi/3/pl/24/file/file.mp4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

HTTP/1.1

Server

74.125.98.72 , United States, ASN (),

Reverse DNS

tlv04s01-in-f8.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Feb 2024 07:51:28 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 10445532
Last-Modified: Mon, 05 Jun 2023 07:48:24 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Tue, 20 Feb 2024 07:51:28 GMT

Redirect headers

date: Tue, 20 Feb 2024 07:51:28 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 642
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/098B6DEA55DAB3FB219799BB39318E4446297E48.40D4A1538B79CDFFBDFCCC5CFA92164802775EA8/key/cms1/cms_redirect/yes/mh/g0/mip/31.187.78.102/mm/42/mn/sn-ua87zn7e/ms/onc/mt/1708414435/mv/u/mvi/3/pl/24/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame BBEC 453 B
588 B 130ms
125ms Image
image/png 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-9176521898341909

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Feb 2024 08:41:28 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame BBEC 0
54 B 234ms
232ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lsu2gzel&c=7638791893712&slotId=3819395946856&qqid=CJW14tG3uYQDFYwz-QAdNoQIvQ&fb=outstream-lima&gpm_i=8&gpm_c=8&gpm_a=8&smb=Infinity&br=2019&mt=video%2Fmp4&vs=1280x720&msm=1&aits=0%2C18%2C22%2C692%2C59%2C342%2C343%2C344%2C345%2C346&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.19u~atrd.1aa~videopreviewvisible.1ak&ua_e=1&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 67A4 436 B
234 B 484ms
482ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1708415488&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415488010&bpp=1&bdt=3050&idt=-M&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9158258ddde88272%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_MZF4zrK7DclzoQ_Uck-KWoIyf8TmA&gpic=UID%3D00000d5ccfa30708%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_Ma_h46QlglowNzg_y5qYUCNPBi6LQ&eo_id_str=ID%3D2650d2239007434e%3AT%3D1708415486%3ART%3D1708415486%3AS%3DAA-AfjaCB6IUF9pTtrCCIrIgAZeU&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGskM2F8qBd_-K4bCGl2HLTSZb6MpiDibxc8WvQEBPSCk-gdOTjTMkF-wQPkH-WNx71uwNN0te0qELt3Nr7LEDh5jaNnS%2CAOrYGsk8N3nTcT5MaCE8uQC-7scTgsh8r_UB66AP7HhPodsGSnFDzAMh5OTckob4ccLsPLotfGS4LIHd7b1GKJge4ohGEQbS&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=420

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

fe52b1bfdf57839c3ce37204306ab9b9b3a3a2af7fc1468ecfee01e65efb552f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:28 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 683C 436 B
234 B 484ms
479ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1708415488&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415488010&bpp=1&bdt=3051&idt=-M&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9158258ddde88272%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_MZF4zrK7DclzoQ_Uck-KWoIyf8TmA&gpic=UID%3D00000d5ccfa30708%3AT%3D1708415486%3ART%3D1708415486%3AS%3DALNI_Ma_h46QlglowNzg_y5qYUCNPBi6LQ&eo_id_str=ID%3D2650d2239007434e%3AT%3D1708415486%3ART%3D1708415486%3AS%3DAA-AfjaCB6IUF9pTtrCCIrIgAZeU&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&psts=AOrYGskM2F8qBd_-K4bCGl2HLTSZb6MpiDibxc8WvQEBPSCk-gdOTjTMkF-wQPkH-WNx71uwNN0te0qELt3Nr7LEDh5jaNnS%2CAOrYGsk8N3nTcT5MaCE8uQC-7scTgsh8r_UB66AP7HhPodsGSnFDzAMh5OTckob4ccLsPLotfGS4LIHd7b1GKJge4ohGEQbS&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=434

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

29c93b161db651fe77e7d3dece7d5e3a9628f04ed486165cac23368ef46c5600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:28 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/ Frame 2340 9 KB
4 KB 114ms
113ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 2057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:17:11 GMT
etag: 3890843268177463596
expires: Tue, 05 Mar 2024 07:17:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/ Frame 2252 9 KB
4 KB 113ms
113ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 2057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:17:11 GMT
etag: 3890843268177463596
expires: Tue, 05 Mar 2024 07:17:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/ Frame FDC5 9 KB
4 KB 114ms
113ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 2057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:17:11 GMT
etag: 3890843268177463596
expires: Tue, 05 Mar 2024 07:17:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/ Frame 1B7F 9 KB
4 KB 121ms
120ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402130101/show_ads_impl_fy2021.js?bust=31081219

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 2057
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:17:11 GMT
etag: 3890843268177463596
expires: Tue, 05 Mar 2024 07:17:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxVcnEToA7WKKzKHfABXKfE624izFlKmrJWwdmxgLsiOy6tf0EZ2or0aWTgXrVuAn2Dc1YhuKGn32qyC0QJih4kj5hoarWqM6fkRhrkuLOTaZvBBb31oO4SaFemBM2vEHd2brUlfyA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 145ms
144ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVcnEToA7WKKzKHfABXKfE624izFlKmrJWwdmxgLsiOy6tf0EZ2or0aWTgXrVuAn2Dc1YhuKGn32qyC0QJih4kj5hoarWqM6fkRhrkuLOTaZvBBb31oO4SaFemBM2vEHd2brUlfyA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4NDE1NDg4LDU2NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsIm9IUUI5T2U3Q1U0Il0sWzksIml3Il0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.iw.oHQB9Oe7CU4.es5.O/am=YA/d=1/rs=AJlcJMyy-n9x2hCh6Mp_ekEp8CX4wFCm3Q/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

16afd10c5c7dc7e0002b26134df5ae508a7856f7ea6aa136d67d59acd5eeee84

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-D31QM1UDwvh_0362ipJ9lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
content-security-policy: script-src 'report-sample' 'nonce-D31QM1UDwvh_0362ipJ9lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsOoxSXF4KkhxXDi1m2mC0B83ukO03UgvqjylOkmENcyPGNqBeIH4c-YXgCxgcZzJgsgZvzzgokTiN99eckk8PUlkwQQawHxO8lXTN-AeIePBwvfuumshuuns245M511DxDHPJ_OmgLEi1lnsK4G4imBM1jnALFT-gzWECD-nDmD9TcQ-9TPYI0DYiEejoYtF9exCRxoadvGBAALZkkF"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 7C71 0
45 B 232ms
231ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lsu2gz2v&c=7910007095899&slotId=3955003547949.5&qqid=CM_w4tG3uYQDFYOg7AodGHoNNw&fb=outstream-lima&vast_v=2.0&vmfc=10&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 7C71 41 KB
15 KB 117ms
115ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 600683
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:00:05 GMT

HEAD
H/1.1

200
OK

https://gcdn.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag...

0
0

238ms
60ms

Fetch
video/mp4

74.125.98.72

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/83EED14EADC129600032C3637BF1E66EB844020E.3849E6109E74D88943E51AD50F8E7BD585032B8F/key/cms1/cms_redirect/yes/mh/g0/mip/31.187.78.102/mm/42/mn/sn-ua87zn7e/ms/onc/mt/1708414435/mv/u/mvi/3/pl/24/file/file.mp4

Requested by

Protocol

HTTP/1.1

Server

74.125.98.72 , United States, ASN (),

Reverse DNS

tlv04s01-in-f8.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 20 Feb 2024 07:51:28 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 10445532
Last-Modified: Mon, 05 Jun 2023 07:48:24 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Tue, 20 Feb 2024 07:51:28 GMT

Redirect headers

date: Tue, 20 Feb 2024 07:51:28 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 642
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/83EED14EADC129600032C3637BF1E66EB844020E.3849E6109E74D88943E51AD50F8E7BD585032B8F/key/cms1/cms_redirect/yes/mh/g0/mip/31.187.78.102/mm/42/mn/sn-ua87zn7e/ms/onc/mt/1708414435/mv/u/mvi/3/pl/24/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 7C71 453 B
512 B 115ms
113ms Image
image/png 142.250.185.170
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-9176521898341909

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f10.1e100.net

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 20 Feb 2024 08:41:28 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 7C71 0
54 B 232ms
231ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lsu2gzlq&c=7910007095899&slotId=3955003547949.5&qqid=CM_w4tG3uYQDFYOg7AodGHoNNw&fb=outstream-lima&gpm_i=8&gpm_c=8&gpm_a=8&smb=Infinity&br=2019&mt=video%2Fmp4&vs=1280x720&msm=1&aits=0%2C18%2C22%2C692%2C59%2C342%2C343%2C344%2C345%2C346&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=22&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.1ge~atrd.1gh~videopreviewvisible.1gi&ua_e=1&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 34E8 23 KB
8 KB 115ms
114ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

accept-ranges: bytes
age: 580749
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Feb 2024 14:32:19 GMT
expires: Wed, 12 Feb 2025 14:32:19 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 146ms
145ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240215&jk=2089597695575073&bg=!GhmlGVbNAAZN4L4YbeA7ADQBe5WfOLBw8FaZVEP4e4S1g42zh1c0GTzkVzuEQbRDECXA2q5TIfqjwhEiNWZy28nOfOuVAgAAAUxSAAAAA2gBB5kCtWiqTc45-JTHqrF9N0HQ_ovBf5GbI7LmFhBBe13ZjNO4pz_ztxfkS9PTz9FuezJTJyEScHGnB3BLgRCbUVR83gE_H8hzaIJja0HA2oAR6Bo7Fag53nItO-tcSW32tprcMK1Zu9DM3R8-oypHMzdnt68oLt2z_2dbH2UGCtYWF5I1JhWi9EKFUKixfekw4h8XK0gwXmSCpUxH5hPbGjip8VrAjAubSawcxfJ9rNfauRcx1tDuzyPAO6bnyTuyvee673M-4Um9Gg6NuRjZuW8nKuSKxeN2jLrMvtpA4ocmzowwWceMjLBmQGrEhDaSP7_v4t4i-VgyGWFRmIDsKX-YJvAO6xwLXzXoSWz5ZxWSKwlQD1q1Xcz71G6ajnivf8KgA37C0xWuKHLsObVswqXuyeXH1MJyUXq3XPSNOcDrrSDSBJiXzlmmPEeAh3EUtWoydLUY_Zy2qIk5oEHAgvoBfHfrfS6AiPaO10ApjEO8I7G3nYxCzK1DXh3Lw6d6R0Tn2SkvbEXl3e8EwIelWNXPOiGhYzcGsiieRAL7Pf17fJs_f2TdehXujSX0h5xFTySl_XPJgb0xcBGXPulETd0qGywlspNHPBrkaXCqNJXDPKfYqWZNa59bOok_qOB1AceOeNCkUmGGuAIt4PxgTBTBdn44X21vPoIvGtz7EWxgRXSB6_vMCIQi9U536Z6hGF3dvt6nsk7_T97PJgPEb4MUR1hOPHSrlquOwa8YH3bObjBIm89QzvuBiHAxOWZz3VuJNSFmeg8xZjMc2EKUPfH2aMts4k2eTgG7GOm-YE-E5Vor5Dxlx_pj_ZqCd0C8kYuDjDNKdMD0vHvVDIosvDo88xt8RZT9vNL00HHvLSHIP1zeUwcxlQG0xerArya_dXLrG-eHClPxn0eLSB_TUBSPBABuQJOG3A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 css2
fonts.googleapis.com/ Frame 2340 5 KB
790 B 124ms
124ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Feb 2024 07:51:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Feb 2024 07:25:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Feb 2024 07:51:28 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2340 205 B
296 B 413ms
174ms Image
image/png 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 23:53:15 GMT
x-content-type-options: nosniff
age: 547093
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 12 Feb 2025 23:53:15 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 2340 604 B
920 B 409ms
170ms Image
image/png 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 04:03:39 GMT
x-content-type-options: nosniff
age: 532069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 13 Feb 2025 04:03:39 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame 2340 15 KB
6 KB 117ms
116ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

0e33434b042c688fa1972d51e9c103fe592fca7a4dd50358c08449c7b0f5cb4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 19:34:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44199
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6487
x-xss-protection: 0
server: cafe
etag: 9214289930287671984
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 19:34:49 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/ Frame 2340 22 KB
9 KB 132ms
132ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

716b2a35acfc8e6a247c9e4d9e3c32dc2354b3a8a6e6481835a64b783a5ba4a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 17:08:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9141
x-xss-protection: 0
server: cafe
etag: 6041988417631582345
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 17:08:34 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 2252 23 KB
9 KB 118ms
117ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1819 143 B
166 B 116ms
113ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 1234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:30:54 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 2252 3 KB
1 KB 214ms
213ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 2252 20 KB
8 KB 120ms
117ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 16:59:21 GMT

GET
H3 200 4981101215758561606
tpc.googlesyndication.com/simgad/ Frame 2252 30 KB
30 KB 252ms
251ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4981101215758561606?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnHsYormAClDe9pu1oeLmPuI_eELg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

3ee4fb37951fdeb6b41843ff93de4c099d7a7ebcfa982352b7348f96de305ca5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:26:19 GMT
x-content-type-options: nosniff
age: 1509
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30399
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 08:22:33 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 19 Feb 2025 07:26:19 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 2252 204 KB
61 KB 114ms
113ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:28:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-2
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 08:28:42 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 2252 36 KB
14 KB 216ms
215ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 17:20:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14610
x-xss-protection: 0
server: cafe
etag: 17234995959194474601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 17:20:10 GMT

GET
H3 200 4981101215758561606
tpc.googlesyndication.com/simgad/ Frame FDC5 30 KB
30 KB 252ms
252ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4981101215758561606?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnHsYormAClDe9pu1oeLmPuI_eELg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

3ee4fb37951fdeb6b41843ff93de4c099d7a7ebcfa982352b7348f96de305ca5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:26:19 GMT
x-content-type-options: nosniff
age: 1509
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30399
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 08:22:33 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 19 Feb 2025 07:26:19 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame FDC5 23 KB
9 KB 270ms
270ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6F20 143 B
166 B 114ms
113ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 1234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:30:54 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame FDC5 3 KB
1 KB 275ms
275ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame FDC5 20 KB
8 KB 117ms
116ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 16:59:21 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame FDC5 204 KB
61 KB 115ms
115ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:28:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-2
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 08:28:42 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame FDC5 36 KB
14 KB 277ms
277ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 17:20:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14610
x-xss-protection: 0
server: cafe
etag: 17234995959194474601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 17:20:10 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame 1B7F 23 KB
9 KB 285ms
285ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5346 143 B
166 B 113ms
112ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 1234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:30:54 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 1B7F 3 KB
1 KB 289ms
289ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 1B7F 20 KB
8 KB 115ms
114ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 16:59:21 GMT

GET
H3 200 18168764318186423978
tpc.googlesyndication.com/simgad/ Frame 1B7F 27 KB
27 KB 304ms
304ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18168764318186423978?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4ql1F2V5xmueY2gvLFJp4nKklfopSQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

d3d3735e6f3278b24d9a20fb50db72c37c0bbcec41fb32554e3fe9bc33468e22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:25:19 GMT
x-content-type-options: nosniff
age: 1569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27300
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 08:19:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 19 Feb 2025 07:25:19 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1B7F 204 KB
61 KB 122ms
121ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:28:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-2
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 08:28:42 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame 1B7F 36 KB
14 KB 290ms
289ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 17:20:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52278
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14610
x-xss-protection: 0
server: cafe
etag: 17234995959194474601
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 17:20:10 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 29EB 23 KB
8 KB 116ms
115ms Document
text/html 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

accept-ranges: bytes
age: 580749
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Feb 2024 14:32:19 GMT
expires: Wed, 12 Feb 2025 14:32:19 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7C71 0
20 B 209ms
208ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=34&d=1&s=1&f=0.01&li=v_h.0.0.0&bgai=BO7u8AFrUZfqnDMLmnsEP5MeLKAAAAAA4AeAEAg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxVxLNThw0LPqRsIDTA2FFCreRAROnsMq4KxriWbFL6CZ89nB3xkOu1kQvZsF8ZBcTvw31n555bu8kIeb_Xs00BTUlNFatbHxyUWkwsiYhzlJRjF0hoUIOF2ssxj-5aHdXnc6BM3Sg== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 143ms
143ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVxLNThw0LPqRsIDTA2FFCreRAROnsMq4KxriWbFL6CZ89nB3xkOu1kQvZsF8ZBcTvw31n555bu8kIeb_Xs00BTUlNFatbHxyUWkwsiYhzlJRjF0hoUIOF2ssxj-5aHdXnc6BM3Sg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4NDE1NDg4LDc2NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmJhYnVwLmNvbS8iLG51bGwsW1s4LCJvSFFCOU9lN0NVNCJdLFs5LCJpdyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

9a8a09f97d4c0bc8c5f9a3f133737638c207986c9225e39afd7a5a750f71b3d4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UQTTKnfUMY3r8i1SkRPobg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:28 GMT
content-security-policy: script-src 'report-sample' 'nonce-UQTTKnfUMY3r8i1SkRPobg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4KAhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6Ohi0X17EJHDhwfgozANd4RFI"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame BBEC 0
0 151ms
150ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnUAQ_lnUZZW-Mozn5LcPtoii6Av7__DEday0rZz5EeSsjKLEPRABIIK6uHxg-br0g5wQoAH_8afcKcgBBakCsIL25vd4kj6oAwGqBOgBT9CKfb7FiLB7ZLBBdgy5aYiinANtO9uhKKRJ-RsC0crwy-mNagKXrqpt748WWj-Kupbrr56MvaWwP4JS55nQNXQdNNLPU6HokSJD_aX9e1M7cSnML6mtZcX7dz0tSmbaoHsKh7Ga6mY86lLsWeAQUyoujokT07nx6LkpmQLF9c4jFNuulzakgKJMNjMu6SEXzkHMjjuXY70Czx2fDHFCrvP8uL5coB_vfUK_us4qqj-Jta4_YI-acgDfn0wu4g795AZl9uSK1medAyn67keDnzEERZCOm2CnBf0m6RxHTni9-T1SQIBNUMAEhsGb_7wE4AQDiAX9vN22S5IFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGdoAH_6n4uwSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAfVyRuoB6a-G9gHAPIHChC5swYYue3s7AHSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY1L_d0be5hAOACgHICwHaDBEKCxDAu9u4vae_m80BEgIBA7ATuJ-5FsgTnaKV4wPYEwqIFAjYFAHQFQGAFwGyFxwKGggAEhRwdWItOTE3NjUyMTg5ODM0MTkwORgA6BcF&sigh=lMSHLt1jOqs&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_YruNQ7AAP46NlXExhG19fbMIA9Liip9FuiwsqNLVD1wE6tGWg5hT5yPnIMJ1JE1dp4vI1ArS7FY2OC4OKIYjKR_7G-TiEzg-2HcYAQ&vt=10&cbvp=2&vis=1&nis=5

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655
Attribution-Reporting-Eligible: event-source
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Feb 2024 07:51:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 34E8 39 KB
15 KB 185ms
184ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:13:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77864
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Feb 2025 10:13:44 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame B791 15 KB
2 KB 122ms
121ms Stylesheet
text/css 142.250.186.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%7CHeebo%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.74 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f10.1e100.net

Software

ESF /

Resource Hash

f17e4508470310b98ce20e740d4eb1f88c59f4982a516ef254cb0e4139b9bd45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 20 Feb 2024 07:51:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 20 Feb 2024 07:51:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 20 Feb 2024 07:51:28 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame B791 2 KB
822 B 267ms
267ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 16:59:21 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/ Frame B791 23 KB
9 KB 266ms
265ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8991
x-xss-protection: 0
server: cafe
etag: 11525033739721728465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1993 143 B
166 B 115ms
112ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

age: 1234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:30:54 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame B791 3 KB
1 KB 271ms
270ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:14:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77807
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 10:14:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/ Frame B791 20 KB
8 KB 120ms
117ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240215/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 16:59:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8220
x-xss-protection: 0
server: cafe
etag: 16176141338659805634
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Mar 2024 16:59:21 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame B791 204 KB
61 KB 124ms
122ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:28:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62824
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-2
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 08:28:42 GMT

GET
H2 200 c0f9635aabdd33ab086e3930fa461563.js Show response
www.gstatic.com/mysidia/ Frame B791 36 KB
15 KB 193ms
113ms Script
text/javascript 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c0f9635aabdd33ab086e3930fa461563.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 07:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88407
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15250
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 00:22:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 19 May 2024 07:18:01 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1819
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

156ms
155ms

Document
text/html

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:29 GMT
expires: Tue, 20 Feb 2024 07:51:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:28 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6F20
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

127ms
127ms

Document
text/html

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:29 GMT
expires: Tue, 20 Feb 2024 07:51:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:28 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1B7F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 193ec9ef1ae295ac0b2cd35dd3251c1e0e10f12e2d26adc463e3a18836a0f2f9

Request headers

accept-language: he-IL,he;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5346
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

126ms
124ms

Document
text/html

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:29 GMT
expires: Tue, 20 Feb 2024 07:51:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js Show response
pagead2.googlesyndication.com/bg/ Frame 29EB 39 KB
15 KB 112ms
112ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ke811GU8D9oP10uMu54EDqWuI5DGCOjC6vNIGcZJ2dY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Feb 2024 10:13:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 77865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15261
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 18 Feb 2025 10:13:44 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1993
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

131ms
131ms

Document
text/html

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: he-IL,he;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:29 GMT
expires: Tue, 20 Feb 2024 07:51:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 07:51:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7C71 0
0 148ms
148ms Fetch
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNg2E_lnUZc_5MoPBsgeY9LW4A_v_8MR1rLStnPkR5KyMosQ9EAEggrq4fGD5uvSDnBCgAf_xp9wpyAEFqQKwgvbm93iSPqgDAaoE5wFP0M6CO4Dn6g0wCWlNgNa31s26ak6g0m8jriYKj-UmdBXg1WKwHPXUyyMMftz6UXfFYOWIuHFY3L2JP5xXf98GzAmzwOZOLgotzfnyY0M6xUzpL1z4kZkmdQitb3mpSpX1qgr4SC4dO9uC48pwfYBITWb30vr88ZN6mwQ7LM2a6QQjh-e7hQ9juZeeoC8dD2Vln7jH8RCuvy5luHbJTBXZMg4DpW8Fa1ume2Dv8329G8lC3b3uwsDqF2mQfi-MEdiQc8bpF8aD_9B-DGjlN6_p6EkWtCqSgZJ-EU5S-y_4sAcDYMNKHfLABIbBm_-8BOAEA4gF_bzdtkuSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBnaAB_-p-LsEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhvYBwDyBwoQpc4FGLnt7OwB0ggkCIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WNGQ3tG3uYQDgAoByAsB2gwRCgsQwIb_luePp6aWARICAQOwE7ifuRbIE52ileMD2BMKiBQI2BQB0BUBgBcBshccChoIABIUcHViLTkxNzY1MjE4OTgzNDE5MDkYAOgXBQ&sigh=IJ17Gds6y7M&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgAvHhf_OUW7x9b2Ll24MyWBNhHqMWZJHgO8fv9G2PKD4mxtZL9K84s1kYhgDq69efBO3DfT4TMMyhGirdsoAF7mfnI8eEbffM0XoUdVvxgB&vt=10&cbvp=2&vis=1&nis=5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486030&bpp=1&bdt=1071&idt=654&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=658
Attribution-Reporting-Eligible: event-source
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 206 file.mp4
r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame BBEC 5 MB
0 124ms
61ms Media
video/mp4 74.125.98.72

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.98.72 , United States, ASN (),

Reverse DNS

tlv04s01-in-f8.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

expires: Tue, 20 Feb 2024 07:51:29 GMT
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-10445531/10445532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 10445532
last-modified: Mon, 05 Jun 2023 07:48:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 206 file.mp4
r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 7C71 5 MB
0 122ms
60ms Media
video/mp4 74.125.98.72

General

Check archive.org

Show headers Download Go to

Full URL

https://r3---sn-ua87zn7e.c.2mdn.net/videoplayback/id/368f431842991a55/itag/22/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1739951488/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/83EED14EADC129600032C3637BF1E66EB844020E.3849E6109E74D88943E51AD50F8E7BD585032B8F/key/cms1/cms_redirect/yes/mh/g0/mip/31.187.78.102/mm/42/mn/sn-ua87zn7e/ms/onc/mt/1708414435/mv/u/mvi/3/pl/24/file/file.mp4

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.98.72 , United States, ASN (),

Reverse DNS

tlv04s01-in-f8.1e100.net

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

expires: Tue, 20 Feb 2024 07:51:29 GMT
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-10445531/10445532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 10445532
last-modified: Mon, 05 Jun 2023 07:48:24 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 1B7F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CYFy5_lnUZZr4LdTQ1fAP3vKhqAqhzOu7caCduODrEc7uv-J4EAEggrq4fGD5uvSDnBCgAeXx-v0DyAECqQKwgvbm93iSPqgDAcgDyQSqBM4BT9Db6ctYqqHM0bQXGRCCAHuFgzZXjvHHsrY...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a15...

0
0

406ms
149ms

Fetch
text/css

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%222463995098005785215%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223606310737611140977%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x75f8dd111ba7c15d0000000000000000","2":"0xbe97416bbccda9e80000000000000000","3":"0x4f3a1522644224c0000000000000000","4":"0x74a712b452ed91080000000000000000","5":"0x5c660b71c12115750000000000000000"},"debug_key":"2463995098005785215","debug_reporting":true,"destination":"https://plus-media.co.il","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1069463781"],"22":["true"],"4":["02-20"],"6":["true"]},"priority":"500","source_event_id":"3606310737611140977"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Feb 2024 07:51:30 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x75f8dd111ba7c15d0000000000000000","2":"0xbe97416bbccda9e80000000000000000","3":"0x4f3a1522644224c0000000000000000","4":"0x74a712b452ed91080000000000000000","5":"0x5c660b71c12115750000000000000000"},"debug_key":"2463995098005785215","debug_reporting":true,"destination":"https://plus-media.co.il","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1069463781"],"22":["true"],"4":["02-20"],"6":["true"]},"priority":"500","source_event_id":"3606310737611140977"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2252 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90f9a91537423a9e17366a961119b51733c8d4a1e5b40fa8c535e1f0f812d3c0

Request headers

accept-language: he-IL,he;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FDC5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83de3098eea2b98c56fdfeb0c629457592332865bcc8c69afbb4ff698febed4f

Request headers

accept-language: he-IL,he;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js Show response
pagead2.googlesyndication.com/bg/ Frame 5F4D 51 KB
19 KB 112ms
112ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

42cb6e9418b38463397378ace4fbf5ef9d58814c96c3f121d19e766f99327e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:34:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 559044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19784
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 20:34:05 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 2252
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C7s6L_lnUZZj4LdTQ1fAP3vKhqAqhzOu7cbifuODrEc7uv-J4EAEggrq4fGD5uvSDnBCgAeXx-v0DyAECqQKwgvbm93iSPqgDAcgDyQSqBM0BT9AxGk79nouUsESwU_9xanskmdsd5KeDVhu...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a15...

0
0

404ms
149ms

Fetch
text/css

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%223179713527138543904%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212999819985394355345%22}&andc=true

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x75f8dd111ba7c15d0000000000000000","2":"0xbe97416bbccda9e80000000000000000","3":"0x4f3a1522644224c0000000000000000","4":"0x74a712b452ed91080000000000000000","5":"0x5c660b71c12115750000000000000000"},"debug_key":"3179713527138543904","debug_reporting":true,"destination":"https://plus-media.co.il","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1069463781"],"22":["true"],"4":["02-20"],"6":["true"]},"priority":"500","source_event_id":"12999819985394355345"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Feb 2024 07:51:30 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x75f8dd111ba7c15d0000000000000000","2":"0xbe97416bbccda9e80000000000000000","3":"0x4f3a1522644224c0000000000000000","4":"0x74a712b452ed91080000000000000000","5":"0x5c660b71c12115750000000000000000"},"debug_key":"3179713527138543904","debug_reporting":true,"destination":"https://plus-media.co.il","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1069463781"],"22":["true"],"4":["02-20"],"6":["true"]},"priority":"500","source_event_id":"12999819985394355345"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js Show response
pagead2.googlesyndication.com/bg/ Frame 750C 51 KB
19 KB 112ms
112ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

42cb6e9418b38463397378ace4fbf5ef9d58814c96c3f121d19e766f99327e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:34:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 559044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19784
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 20:34:05 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame FDC5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CSvbm_lnUZZn4LdTQ1fAP3vKhqAqhzOu7cbifuODrEc7uv-J4EAEggrq4fGD5uvSDnBCgAeXx-v0DyAECqQKwgvbm93iSPqgDAcgDyQSqBM0BT9Aiqs9Hxicn-o5zcnYSwSikY6mh8BH1pcw...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a15...

0
0

408ms
152ms

Fetch
text/css

172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%225955219161246185359%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217058000197871209649%22}&andc=true

Protocol

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x75f8dd111ba7c15d0000000000000000","2":"0xbe97416bbccda9e80000000000000000","3":"0x4f3a1522644224c0000000000000000","4":"0x74a712b452ed91080000000000000000","5":"0x5c660b71c12115750000000000000000"},"debug_key":"5955219161246185359","debug_reporting":true,"destination":"https://plus-media.co.il","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1069463781"],"22":["true"],"4":["02-20"],"6":["true"]},"priority":"500","source_event_id":"17058000197871209649"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 20 Feb 2024 07:51:30 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x75f8dd111ba7c15d0000000000000000","2":"0xbe97416bbccda9e80000000000000000","3":"0x4f3a1522644224c0000000000000000","4":"0x74a712b452ed91080000000000000000","5":"0x5c660b71c12115750000000000000000"},"debug_key":"5955219161246185359","debug_reporting":true,"destination":"https://plus-media.co.il","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1069463781"],"22":["true"],"4":["02-20"],"6":["true"]},"priority":"500","source_event_id":"17058000197871209649"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 393ms
146ms Preflight
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 20 Feb 2024 07:51:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js Show response
pagead2.googlesyndication.com/bg/ Frame D97F 51 KB
19 KB 112ms
112ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240215/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

42cb6e9418b38463397378ace4fbf5ef9d58814c96c3f121d19e766f99327e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:34:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 559044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19784
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 20:34:05 GMT

GET
H3 200 QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js Show response
pagead2.googlesyndication.com/bg/ Frame B5AF 51 KB
19 KB 113ms
112ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/QstulBizhGM5c3is5Pv1751YgUyWw_Eh0Z52b5kyfiU.js

Requested by

Host: www.file-upload.org
URL: https://www.file-upload.org/gxbzwmkj6mv4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

42cb6e9418b38463397378ace4fbf5ef9d58814c96c3f121d19e766f99327e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:34:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 559044
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19784
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 20:34:05 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 34E8 0
20 B 146ms
145ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bz2z3AFrUZeerDLuUkdUP8Iq0gAUAAAAAOAHgBAI&bg=!dXaldjnNAAZN4L4YbeA7ADQBe5WfOGFEUclZNvb8I3rIUHXgbOxZnjjQeWQ8KX_SBE948ht52m8OcWQfv2KWDvD_xT_bAgAAASdSAAAAA2gBBwoABQcaDkw_mQLemXZmtaKa-mzhDEzuqxaViSw8XfsDC32NEL4NcHynTeKaK4wmSm0Qwl-Nl6TrnCt8_RXRSC2drdUnkuD8vHv8LCmWRo3BSqdXZG4DKKGbZmInGtligG6mU4-273JCuuo5ZwOSM4qljFzSHCOVzKbbgIKXsp_l3ptmiEwNQHOfmjaeG4KgSSPJIXoOw84MJL1ti8oaCLp75XqDDWq7cMqN-ZecegxrHs8R9K3Bhp5BdBhmbh6IWUHhGMqMn2dgtOzKuoiTqRv1AWz2P768KzbH2mtEWE7ZHLrVmvzU7hvjtO_YTRcFvIhp5axQswGq14fZU_lI3O8UT2g6bXK56tayZQ_-nqpzC3BW0683opqQyHvwgeDxJR-kmkqt6jPA132fmPbAo5FrtOWeV7d8eGEvNAEvQo7pp7t9oUIslO2n4xk-8wpOGBUKDHjvffMM6Dfwz6nK7rcMR3yCyfCW8eXSQnuFSBzneIjH3l0CCUty0Cw2Yw9Zp0xBv1xehA8ceB7smQmWm32l56oTnsFqgJtk-WU0FmRj6u2bJUPeQADiZi09csVEkF906iD1JFt_bakkzVQhOKx_yDkRY0fXP0rDIURr56h84XWkVYIMuMTMbEJL2ieYVX-5nu5G2yloki8Jeu_IRoomwTB3Qay6FhBg37KRQZKR_9n17kHLKZbpTdRK2BhpfYkoJEl5Qe6n3qRiH3sutpbMVJgk9X6NtbDqf6WOm7o6XBrHbFC0k_B821LAf6sFZE3SMnaWpg8DkcB9GVspl7EWrNoFVN6ZWyf9wiKJMreNQ8rTlS9JJO9B24uRztvQbBpc1GG5w6ARDRX7oyFR3yPv3DAeXe7h9mCG5E4ufeck62Ry8gGAyG39Z5-7ASLs4HPZ81FZwBAMZsbZ4PgUrbVmoiXBUrA3YOGs_RX8O3IDcE0PYj0rPnK8uhrZly3gqA7MxfggihvP0BX77SGQ_jMGRR8DhEgoDvY

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 229ms
146ms Preflight
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%223179713527138543904%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212999819985394355345%22}&andc=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 20 Feb 2024 07:51:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 227ms
146ms Preflight
text/html 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x75f8dd111ba7c15d0000000000000000%22,%222%22:%220xbe97416bbccda9e80000000000000000%22,%223%22:%220x4f3a1522644224c0000000000000000%22,%224%22:%220x74a712b452ed91080000000000000000%22,%225%22:%220x5c660b71c12115750000000000000000%22},%22debug_key%22:%225955219161246185359%22,%22debug_reporting%22:true,%22destination%22:%22https://plus-media.co.il%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221069463781%22],%2222%22:[%22true%22],%224%22:[%2202-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217058000197871209649%22}&andc=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s22-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 20 Feb 2024 07:51:29 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 29EB 0
20 B 148ms
147ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BO7u8AFrUZfqnDMLmnsEP5MeLKAAAAAA4AeAEAg&bg=!U1ClUB_NAAZN4L4YbeA7ADQBe5WfOME0Wo-Kpq_TZPZGXK1tAJm5Qbc6DemDTMP4p1N-CYcfooOq_oBqdU5NR3WDi0aWAgAAAOFSAAAABGgBBwoAHWQKm9pe7IIbmOTqU9ll3-wVkkJph_OywXr82DNnmQLjfIP2x64-Sn2pcrCMZjOprQreLjWUiWpT3qhIrFOJ9A708iuh3iM_vbExAucSvPAeRe7Od9MgrCES2mclJk7s4N1St_7wuUdLy94ZhhVTlmFyTegOBlroJmUn-JHhjjLAfR9uWdLpSNtJmNdbTy_KuXYOd-AbnPUpgH1Rtpd9Xgar7i3eVfHZqv83rLS8KWSPsCJGNCZYxynUOK4sdpf7RDC0_a6PI_avtVGSYqSBZtug9-RPwEzmsCU5MV8BlY26a6_judC42v13rpqoz1lw2xnjqNbNiszTBVtHJvwMgVKS5LrJnupKADwSEWTl_BvGycmN22AJeTAHncfF133lefxeTpComLmFiHMHBUFHjrB-2REs_Vr1YM96GjdsIlDwNDa5TL61csULG2HCNbmeDpR5qYvbIf6AfCrgRT-nxnKdz92y3JEhaSoImulhsOYtsswXPq5r8M3Fh4cn1CZxd2SRz9d-TG4ComHrFEW9AS1231LC8FiUGD2jplFUMofVsMrPl3JR5HkHRjwPhFddCdAzRSAovv2NSHQzRwgzXOsaHPj7nf9RmArYPagC4TJwyJvaKsg0IHqNHkzwp19GAFs1JV72tSKe86qfykeGRiFvRIiupV0BnVfwJK8XWXqDtJhRq62I9IzVCw70xnrgktcHh0RcdZit02iiHEhEboE83ugJyueLagz-MT3wRhOmsPuP5iY-VRYcKa7S0R0rYFzNPrbCaQn_fCSgM6meCqAKwH_Duphkvli_X5rmKyu7YN0iaANcPoF9WxkW1xT4NECCILYloMPHojk_mTuV-z8mmBhOzvpkWTYISpWpYt-rpDi78yCxGYfCMa6af665V34Fi8E0tosTqSYfkU3QLdpFu_5THxFcQCm_aRjR8wFASRwez5vbMWZucDnr4I1kOi65aeQ9eL6wuuIVEsV28nAYJpjOYotoHr6Q7DgHAEFVTT_26XpuWL4wIfYra5bfXaj5Sg

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI-qe20re5hAMVQrMnAh3k4wIFEAAYACDd_fxbOhoIm_2l6QQQhsGb_7wEGJ2ileMDIKy0rZz5EUITCM_w4tG3uYQDFYOg7AodGHoNNw;dc_rmcid=CAQSTgAvHhf_OUW7x9b2Ll24MyWBNhHqMWZJHgO8fv9G2PKD4mxtZL9K84s1kYhgDq69efBO3Df...
ade.googlesyndication.com/ddm/activity/ Frame 7C71 42 B
401 B 599ms
346ms Image
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI-qe20re5hAMVQrMnAh3k4wIFEAAYACDd_fxbOhoIm_2l6QQQhsGb_7wEGJ2ileMDIKy0rZz5EUITCM_w4tG3uYQDFYOg7AodGHoNNw;dc_rmcid=CAQSTgAvHhf_OUW7x9b2Ll24MyWBNhHqMWZJHgO8fv9G2PKD4mxtZL9K84s1kYhgDq69efBO3DfT4TMMyhGirdsoAF7mfnI8eEbffM0XoUdVvxgB;eps=CIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WNGQ3tG3uYQD;met=1;acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D99%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D764179692%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828901;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1708415489650;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 7C71 42 B
64 B 160ms
154ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CoFvW_lnUZc_5MoPBsgeY9LW4A_v_8MR1rLStnPkR5KyMosQ9EAEggrq4fGD5uvSDnBCgAf_xp9wpyAEFqQKwgvbm93iSPqgDAcgDmwSqBOoBT9DOgjuA5-oNMAlpTYDWt9bNumpOoNJvI64mCo_lJnQV4NVisBz11MsjDH7c-lF3xWDliLhxWNy9iT-cV3_fBswJs8DmTi4KLc358mNDOsVM6S9c-JGZJnUIrW95qUqV9aoK-EguHTvbguPKcH2ASE1m99L6_PGTepsEOyzNmukEI4fnu4UPY7mXnqAvHQ9lZZ-4x_EQrr8uZbh2yUwV2TIOA6VvBTNaLFpr_VhML44Pi5xrJ8xCRQvvP1SuSTtZfWHg48HPquc-29FCZNBrxsZRzhGdjgcfuj5iSmzcKfHRP6li2CxJwaNAwASGwZv_vATgBAOIBf283bZLkAYBoAZ2gAf_qfi7BKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY0ZDe0be5hAOACgHICwHgCwGADAGqDQJJTLATuJ-5FsgTnaKV4wPYEwqIFAjYFAHQFQH4FgGAFwHoFwU&sigh=N3t9zEah83w&label=part2viewed&ad_mt=100&acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D99%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D764179692%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828901&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1708415489650

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486030&bpp=1&bdt=1071&idt=654&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=658
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7C71 0
557 B 418ms
154ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsssF7xS-429-dKN0vlmy2HQ0pEqNddSPRSag1s33JqNxOzpyCblJ66Ol3zt2im14JLNvECsHo0JRBooJnpaZgtwfCaNKPpfXvXaV1m6J6kuIqMdheyYTKTk_nG5Z-Q5s7qaKVz3hSMV6rdhkSAZPMmTe1fzBcvXA9bGpsecjb9I6aoCoL7OQzIWGtOO1GaK9cR4BjhDk0NtZa6cQDwF7DNNp0r_Hxj7hDkLosNh2xUbD8ZMoanpQDhSRXyGrUXMnbl0P3lnCbCNAuef8BiXInvcXgjpITT7pa7d6IO0Qefy-Kne4qLc3yHqEJWLKC3MRj95DONBh-p5XPriecfui-_vjCmz_Qp3F_b9WNoXT8BKaydopIft456BncH-80ytt4344tFbjyYjTUJXg-v-dPAQMR69Cm5jGY8WNkKrHvD21A16UTSrvkwhoRH4247nWZ7VVoJatdRI9SzC9XjzDh34t3OTu4zpgCPvXpsIyDQUzAGblwNSgVwg_p-8l4rIWt-mapdv-jmCFyCrCl1KjkxLgHYxUIe-tYTtVBLh5snTLfipu_xb7fnx7WaWD9NUDl4sTvoV2G-IUpACz5U4pYp6iC0qGQNxqob8qepYU5sTlE3XTIZbhs71sebWmoJmcLMd_EXOnqmjTqoj6MXWw6SApqunVczDO3ZzO5uNhlf_SbCfbshIf3x4RKe9RVwjpp--cJ4Y9IOEyziXja1kiCRLNbq-IuoXSwLeocEQhUBbCqpEQhp5E2HPC9WxPnxQx4cTPMC6TSz0ymq0YJgKXW0366OBDo_vNvFEa10YDcu6P2PhJIWAElX6r0DDIFQvbIHbJbYFPWd4k0Ili1-V5ZduFomK3prEnHRkhMr5pBvpMiLr2vGsMo3BrMQPSKFP4ScTOx2UWdFjisw2Z23jPlvF1_tD0i4hKyj5T0Kk0Pl7gGxECC9XPk3ut_OfdNACOe2kRdO8ox6jJsI7gCPT3NRRn8H5bB-o5R4m1YX5zyvOBj4uIGqccHpKjagTwBYs-9MVnqOG0CYJX7Va1HetW8RuLmtM5L3kpqddmWEUPuj_h39ViUXOouDCtUEiy2I1D-IjRUIcPm8xNx2zzTkK0dvBcZE4Okm84mc-GbLWizrFbBLwEtkt3HiNuuEg1pvQiycUeiXIIglj9jp_Nhaod7IkEfCTIV8YAJPznhe0fE53H9Zjv-tVa7ozMAVpogORtKPrpvmmE5HrhvyJpe_95nZjgNfiq29rtXIYoAIlEVknAdM&sai=AMfl-YRssPpluUbGJkb6Xw1P5Jq4obH_SeVC-a49l3zyZyQS6WdVLZDqS0runWtu2SP0Ns4rnBg_7C4OUVLvlXP4r-TcaG2bOemUSzLSVGsUtWbbOhCkdFbPdUYkFFn372H0L24roZGN7DwwHavR8DzG4Iutv0bePau-XzggcQnNK5zpgsaaKgOB-PmOertVHWxiGwI9Bg_GMc6O_rwlude-1Vk_pP9-JfnqzQdl0odOK_iSXa-tR2gCgku_s66W5BJO1Z_rjd928G7DMdaAQQ8cVgujv2PUMg73C1oUgQ&sig=Cg0ArKJSzIz895y9iAD1EAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 7C71
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJy6pwIQm_2l6QQYue3s7AEgATAB&v=APEucNUyxQwmOaqICi1ANmLwndOCImsQ6wbi1wqzvUGnIV5EBxz3ax9HQuRNKdpcFuL4s3YGxAi9sYSMt_Ey-NyD2gJlViT-ZeOk7M6zObXsIre38eJeqnA
https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZdRaAosFVoMAAA2RAESBWAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM6FNoi4fUofaUNNopdSE48&google_cver=1

43 B
769 B

294ms
293ms

Image
image/gif

172.64.151.101

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM6FNoi4fUofaUNNopdSE48&google_cver=1
Protocol: H3
Server: 172.64.151.101 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQIzQyNke9YlQU9JsWKKuwb5n0zIfK%2BmayLX%2BzVmJasqc3ykn8XNH5rGQox1kQQ1T%2BvQ8A2OwJKnh%2BhStPInNe5BH2GKDWeG79JUBZtOPsuyVzFfrXt3SwwVUaU0lUU1aps0WgixK9Cycw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 85852a3288aae3df-TLV
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:30 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM6FNoi4fUofaUNNopdSE48&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7C71 0
20 B 152ms
148ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7C71 42 B
64 B 155ms
151ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsshfHb5zfW-rxbn1uV_3POa-mTHfMT5TkOsOk6IC5OoK5E1BzcJ4DSEwCXaEYsKpfRMbhKYhbNUu65RgH9BPtTYEubozeEVCtLz0RN6YvC0UA1yIwq0zkXwADioq1nMq2uqtttg_x-qXDGP_JpntLKgqGWYhqhaTVQ&sai=AMfl-YTO9rGyLwsbpLmXL7BXRcwpiJekSAptYXwOfwqpKUUH1fn9_3U4TQuQJ5fRFsktSnXcf9QBWFgcxUjsQQ7vu0jMe5WQugYSwUAOXicYXXofRYNKqYEgyNtUCcz1FTQRyLWo39GZxUeWeD267jfb&sig=Cg0ArKJSzGSqh7VuJDhTEAE&cid=CAQSTgAvHhf_OUW7x9b2Ll24MyWBNhHqMWZJHgO8fv9G2PKD4mxtZL9K84s1kYhgDq69efBO3DfT4TMMyhGirdsoAF7mfnI8eEbffM0XoUdVvxgB&id=lidarv&acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D99%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D764179692%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828900&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1708415489650&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 7C71 42 B
64 B 164ms
161ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CoFvW_lnUZc_5MoPBsgeY9LW4A_v_8MR1rLStnPkR5KyMosQ9EAEggrq4fGD5uvSDnBCgAf_xp9wpyAEFqQKwgvbm93iSPqgDAcgDmwSqBOoBT9DOgjuA5-oNMAlpTYDWt9bNumpOoNJvI64mCo_lJnQV4NVisBz11MsjDH7c-lF3xWDliLhxWNy9iT-cV3_fBswJs8DmTi4KLc358mNDOsVM6S9c-JGZJnUIrW95qUqV9aoK-EguHTvbguPKcH2ASE1m99L6_PGTepsEOyzNmukEI4fnu4UPY7mXnqAvHQ9lZZ-4x_EQrr8uZbh2yUwV2TIOA6VvBTNaLFpr_VhML44Pi5xrJ8xCRQvvP1SuSTtZfWHg48HPquc-29FCZNBrxsZRzhGdjgcfuj5iSmzcKfHRP6li2CxJwaNAwASGwZv_vATgBAOIBf283bZLkAYBoAZ2gAf_qfi7BKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6--sQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgIAISL39wTpY0ZDe0be5hAOACgHICwHgCwGADAGqDQJJTLATuJ-5FsgTnaKV4wPYEwqIFAjYFAHQFQH4FgGAFwHoFwU&sigh=N3t9zEah83w&label=vast_creativeview&ad_mt=100&acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D99%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D764179692%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828903&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1708415489650

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486030&bpp=1&bdt=1071&idt=654&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=658
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 7C71 0
17 B 236ms
233ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lsu2gzlu&c=7910007095899&slotId=3955003547949.5&qqid=CM_w4tG3uYQDFYOg7AodGHoNNw&fb=outstream-lima&gpm_i=8&gpm_c=8&gpm_a=8&smb=Infinity&br=2019&mt=video%2Fmp4&vs=1280x720&dm=37000&ple=0&umsem=0&event_name=first_play&asset_bytes=199858&video_bytes=300&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=10&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=0&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.2a8~ff.2ar~videopreviewstarted.2as
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BBEC 0
20 B 145ms
144ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI56u20re5hAMVO0qkBB1wBQ1QEAAYACDd_fxbOhoIm_2l6QQQhsGb_7wEGJ2ileMDIKy0rZz5EUITCJW14tG3uYQDFYwz-QAdNoQIvQ;dc_rmcid=CAQSTwAvHhf_YruNQ7AAP46NlXExhG19fbMIA9Liip9FuiwsqNLVD1wE6tGWg5hT5yPnIMJ1JE1...
ade.googlesyndication.com/ddm/activity/ Frame BBEC 42 B
107 B 588ms
346ms Image
image/gif 142.250.185.66

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI56u20re5hAMVO0qkBB1wBQ1QEAAYACDd_fxbOhoIm_2l6QQQhsGb_7wEGJ2ileMDIKy0rZz5EUITCJW14tG3uYQDFYwz-QAdNoQIvQ;dc_rmcid=CAQSTwAvHhf_YruNQ7AAP46NlXExhG19fbMIA9Liip9FuiwsqNLVD1wE6tGWg5hT5yPnIMJ1JE1dp4vI1ArS7FY2OC4OKIYjKR_7G-TiEzg-2HcYAQ;eps=CIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WNS_3dG3uYQD;met=1;acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D111%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D44997119%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828901;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1708415489671;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame BBEC 42 B
64 B 171ms
168ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Chvx8_lnUZZW-Mozn5LcPtoii6Av7__DEday0rZz5EeSsjKLEPRABIIK6uHxg-br0g5wQoAH_8afcKcgBBakCsIL25vd4kj6oAwHIA5sEqgTrAU_Qin2-xYiwe2SwQXYMuWmIopwDbTvboSikSfkbAtHK8MvpjWoCl66qbe-PFlo_irqW66-ejL2lsD-CUueZ0DV0HTTSz1Oh6JEiQ_2l_XtTO3EpzC-prWXF-3c9LUpm2qB7CoexmupmPOpS7FngEFMqLo6JE9O58ei5KZkCxfXOIxTbrpc2pICiTDYzLukhF85BzI47l2O9As8dnwxxQq7z_Li-XKAft3zInrHcgZutHHNnfrZGlPCvwxnjBGPL12Xrd9DuXN9Ohe2MJ8TGZFseKl1IKyx8IYg5CcUE0L2p_C8Bm-ESfOuv9CfABIbBm_-8BOAEA4gF_bzdtkuQBgGgBnaAB_-p-LsEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAtgHANIIJAiAYRABGB8yAooCOgmAQIDAgICAgAhIvf3BOljUv93Rt7mEA4AKAcgLAeALAYAMAaoNAklMsBO4n7kWyBOdopXjA9gTCogUCNgUAdAVAfgWAYAXAegXBQ&sigh=jGdwPn1EJAo&label=part2viewed&ad_mt=111&acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D111%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D44997119%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828901&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1708415489671

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BBEC 0
65 B 417ms
163ms Image
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstlQZyYjeEADPwHYUBUMurqrEQMVtzC2pmZodfRhmf9nHmBAgr72zXuRpqbCb7ZB5lp_3FvchA_oQbQZS_ZZDykGvchg6xYJGfbwCAnNM5G14rp60KhrhyCmYWDxSFMr_R9e8WtPChmqa72WYm2C0F4BpsfhsHq8k1gOU1WmvmBVenRSVO7dhNBp4wdSdbhih4sW0PWuBv3dBaiGUwQnj6ZBHIKviCoxOQnEx13OlkPkgGZLNh5BIBG3ATk9vOxOK-Dgm_Z8S82wciBi7BaLVVJ3QbUc-EnXJm1lXt4Xd3A0BAT-VRgCXqd3Im7ABZvRgvm6EUqBe5uTq4vbmhO3pXPeGdXv6BDuVv-4LlOVPYuMMkpI4I2Wc3tHz7DjwohYIQSCMsDLoqBaVOYh5W8I7SyX3FKsb0laO2Nj-LwyLCUSdaRlFZk4bcZ7QWaj9d9tnM36kZdlYWDo1_IzoXPJIdxJHrPpV-5FnYuRPIEADD4_7taMA5vypYHI4nDUJ1Es6fEvIjfmx5NZcUpQyvcBK4HgMUlb2rIXQoIx8zbWrkSxRMSXZI9nrfjrjniW3ezvZXAbhgSUwpMZtoyb-Yd2de3wJZ-VaZn-hxWR9iIxUNN0R3I9gJ1r5JGmO1pZ4prSrXhijMB-W17R8L9Y6MbVAD5PtfLHSkVP4WK7GyiWDygNWeTtxA-Wyx41sJEPISrWWTToHFuMrCPG4NXr06NxRJ9ub3K-6xAy1dS_pti4wZzvS3hRoki9qUI27_MmObKp6DVjtPDvN94Zh3KOHS-pKub5z7SFBNgjBld2GXKxHN0luG4mdj5IKU_AgYhPP6_0tEB5J50Vrs1xJ3cU6iru5yB2LxaM1tqhKOXbl3SNT5lG_DlO6hBxGcbayOA3IeGNeQjEzWClQ8SJbKaxAHtbOzSs4ylTXdZm5jho9uE3mQB6Qz7jKuG7U-yatp_Xq95GcLZRYXpvane17p33t6kkE7xxTbH52wbkXzpmP7OHgtvWP5XdBD68ylDCE3xc8S2CR83Nmw1bQJG6tjT-cOcZOlbnGp53WNNk7vSNa_B8CVaibMBePQFJhaupHvBNw8vwOrEUfKS4X5tZ1BbYsixbCxEYDe3A6o2E5PplsPnMcgzw1grNJEdA9gxTIPuNJ0AO_O0Tc6533HABJz4xlrteJ40AQhp4AwyeCAJtqd9DT52eLzwPyg1kkd8NHCMyK8CEmAvYQ_Wwqwue8UuS6NJwx7w3mHgp9ZK_3phazYtHTwXSOKGi8c&sai=AMfl-YRixBupQGPAJFPlqW6PmKuZ7UXO6ow2qF0iETEcAnXTKMuNgREjlHsFxegkz4koXKR-x-wLjeLdyufQg3FQNJNlHmZRZnvN0V1D7RFi6f7jZtDeg6BHbkFMxJKQulbR8XDdYYua7Xu41DPCzPsiqk5LBxLVNXgl9AfadPrkNLkMWtJ7nGAP_piWnmtFSgeqlJp3gWaX7Xy-9jilR4CuU85g52QtlflddfHEzSTdv4VB5ZLoRvkYUfDmYcnJiItUq4zbtBpdyDDq2ThtVWXooNEHpsoI7uSnDk3rEaJWaw&sig=Cg0ArKJSzGuQl9BRGZv7EAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame BBEC
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJy6pwIQm_2l6QQYue3s7AEgATAB&v=APEucNWQC7QbniXqTFSI4OFba9Uj8EpP2Y3MBgmVOwNDC0iOjTY8EGcXlgTPeZGMdfIBUwBYv8Ytx9lcz_x5wuHpptAbAWh5ab8ogoIkEMMlzyb_UTrxOHQ
https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIzNDk1Nzc0NjI4NzUzNTM3NA%3D%3D

170 B
243 B

122ms
121ms

Image
image/png

142.250.186.162

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIzNDk1Nzc0NjI4NzUzNTM3NA%3D%3D

Protocol

Server

142.250.186.162 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:30 GMT
an-x-request-uuid: cec66792-98d4-4474-a36c-3130f32df007
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIzNDk1Nzc0NjI4NzUzNTM3NA%3D%3D
x-proxy-origin: 31.187.78.102; 31.187.78.102; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame BBEC 42 B
64 B 165ms
162ms Image
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuKlw41Vwz4XVE-DUf7EzN97qNxUMVK3TIIAD8MlBGOn_SGUbQTxcG_pFbe_No3Dcou66EMPwocQmxk4L5wa7gl2_X74vweDDB0H2q6X3cf-by8FadHHeQOntl4TX11r8BAEGbcpauHn7uaBAEzz1SvP5uEAfhL2FQ&sai=AMfl-YQiOH5J1nfIdTHha49bLATSYCTh9N23jx7drJXKKkwmLNWYcKWOkEM1QrOLysxpaq6uKmfjL46z5d5tKhFLbi5h-td13wz3I2NnwNi66cbJH-Bv4rysL9WgTPDApvCyM1g3mDlPuIAoXbMkaIrEiw&sig=Cg0ArKJSzNakLlE7s6WCEAE&cid=CAQSTwAvHhf_YruNQ7AAP46NlXExhG19fbMIA9Liip9FuiwsqNLVD1wE6tGWg5hT5yPnIMJ1JE1dp4vI1ArS7FY2OC4OKIYjKR_7G-TiEzg-2HcYAQ&id=lidarv&acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D111%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D44997119%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828900&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1708415489671&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame BBEC 42 B
64 B 173ms
171ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=Chvx8_lnUZZW-Mozn5LcPtoii6Av7__DEday0rZz5EeSsjKLEPRABIIK6uHxg-br0g5wQoAH_8afcKcgBBakCsIL25vd4kj6oAwHIA5sEqgTrAU_Qin2-xYiwe2SwQXYMuWmIopwDbTvboSikSfkbAtHK8MvpjWoCl66qbe-PFlo_irqW66-ejL2lsD-CUueZ0DV0HTTSz1Oh6JEiQ_2l_XtTO3EpzC-prWXF-3c9LUpm2qB7CoexmupmPOpS7FngEFMqLo6JE9O58ei5KZkCxfXOIxTbrpc2pICiTDYzLukhF85BzI47l2O9As8dnwxxQq7z_Li-XKAft3zInrHcgZutHHNnfrZGlPCvwxnjBGPL12Xrd9DuXN9Ohe2MJ8TGZFseKl1IKyx8IYg5CcUE0L2p_C8Bm-ESfOuv9CfABIbBm_-8BOAEA4gF_bzdtkuQBgGgBnaAB_-p-LsEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAtgHANIIJAiAYRABGB8yAooCOgmAQIDAgICAgAhIvf3BOljUv93Rt7mEA4AKAcgLAeALAYAMAaoNAklMsBO4n7kWyBOdopXjA9gTCogUCNgUAdAVAfgWAYAXAegXBQ&sigh=jGdwPn1EJAo&label=vast_creativeview&ad_mt=111&acvw=sv%3D961%26v%3D20240214%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D37717%26vmtime%3D111%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D44997119%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0%26co%3D434828903&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1708415489671

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1708415486&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708415486021&bpp=1&bdt=1062&idt=650&shv=r20240215&mjsv=m202402130101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4392057235031&frm=20&pv=1&ga_vid=1213527405.1708415486&ga_sid=1708415487&ga_hid=113298300&ga_fc=1&u_tz=120&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31081141%2C44798934%2C95324581%2C95325066%2C31081219%2C95322195%2C95324155%2C95324160%2C95325080&oid=2&pvsid=2089597695575073&tmod=1503201667&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=655
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame BBEC 0
17 B 239ms
237ms Ping
image/gif 142.250.115.120
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lsu2gzfl&c=7638791893712&slotId=3819395946856&qqid=CJW14tG3uYQDFYwz-QAdNoQIvQ&fb=outstream-lima&gpm_i=8&gpm_c=8&gpm_a=8&smb=Infinity&br=2019&mt=video%2Fmp4&vs=1280x720&dm=37000&ple=0&umsem=0&event_name=first_play&asset_bytes=199780&video_bytes=300&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=10&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=0&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.2b7~ff.2be~videopreviewstarted.2bg
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240214_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.115.120 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: rq-in-f120.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:29 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads-315px;) Show response
fundingchoicesmessages.google.com/f/AGSKWxU_Q1tRr25B7jGBeShW9dBC7SpRK9ewwh8KamT5T2faTkB7mKQa8Qd97RGUV1uw3eA-reJshdjf3GKFqFWMKs-kmvu8-2RaJ6UAUY9jUqwjvWi8rIOc82GY-WuEMGXR--XmLEA9pju58PqMxXxgPoqr_1fzE... 54 B
110 B 134ms
128ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU_Q1tRr25B7jGBeShW9dBC7SpRK9ewwh8KamT5T2faTkB7mKQa8Qd97RGUV1uw3eA-reJshdjf3GKFqFWMKs-kmvu8-2RaJ6UAUY9jUqwjvWi8rIOc82GY-WuEMGXR--XmLEA9pju58PqMxXxgPoqr_1fzECKP_KsyU8xWiggYHn57BBm3RDtOrGXI/__ad_footer._ad_actron./728_200_/monetization/ads-315px;)

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.iw.oHQB9Oe7CU4.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMy-PWLPC9BRM6RPFT3HxWs-ljSh1w/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

1844b89b65fac45187ad45afef1672e645dc83425d7d26ddac84dbe458de7a7d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kEfgI6nuv8kSCkVA_6LHtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:29 GMT
content-security-policy: script-src 'report-sample' 'nonce-kEfgI6nuv8kSCkVA_6LHtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4KUhxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIR6Oxi0X17EJ7FjZOpcZANxfQ_0"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 61 B
76 B 124ms
119ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 06:57:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51
x-xss-protection: 0
server: cafe
etag: 16023549773543154165
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 07:57:49 GMT

POST
H3 204 AGSKWxUdUF3lkJJYqk76kPZDitho8GYlQFc2qqEMKMf_KYSH2naot9l3mEOZ6awp9SSuumwh3o0UyEpa8XnJW97wsIZCqLkJ2H3yq6GPHj-6_eRj4eJrSj0GVaVbm6Lqh5fVpyqHPH8QOQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 370ms
136ms XHR
text/html 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUdUF3lkJJYqk76kPZDitho8GYlQFc2qqEMKMf_KYSH2naot9l3mEOZ6awp9SSuumwh3o0UyEpa8XnJW97wsIZCqLkJ2H3yq6GPHj-6_eRj4eJrSj0GVaVbm6Lqh5fVpyqHPH8QOQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-gBeqPQikWq0T-CB3nz70oQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-gBeqPQikWq0T-CB3nz70oQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtHikmJw0JBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hy5TAGaxzgNgpfQZrABALcXM0bbm4jk1gw9WXxgDlkxgs"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.babup.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUdUF3lkJJYqk76kPZDitho8GYlQFc2qqEMKMf_KYSH2naot9l3mEOZ6awp9SSuumwh3o0UyEpa8XnJW97wsIZCqLkJ2H3yq6GPHj-6_eRj4eJrSj0GVaVbm6Lqh5fVpyqHPH8QOQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XIm2e9ilopFLsJmWW89k6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-XIm2e9ilopFLsJmWW89k6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtHikmLw0ZBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hy5TAGaxzgNgpfQZrABALcXM0bbm4jk1gwZSzugDnLhfF"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.babup.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUdUF3lkJJYqk76kPZDitho8GYlQFc2qqEMKMf_KYSH2naot9l3mEOZ6awp9SSuumwh3o0UyEpa8XnJW97wsIZCqLkJ2H3yq6GPHj-6_eRj4eJrSj0GVaVbm6Lqh5fVpyqHPH8QOQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6gLTpsl5_3tW0Fleu5cRGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-6gLTpsl5_3tW0Fleu5cRGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtHikmII1JBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hy5TAGaxzgNgpfQZrABALcXM0bbm4jk2g4c8UQwDoqRfd"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.babup.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUdUF3lkJJYqk76kPZDitho8GYlQFc2qqEMKMf_KYSH2naot9l3mEOZ6awp9SSuumwh3o0UyEpa8XnJW97wsIZCqLkJ2H3yq6GPHj-6_eRj4eJrSj0GVaVbm6Lqh5fVpyqHPH8QOQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-ubqjiU53bKHPa46yxCrVdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-ubqjiU53bKHPa46yxCrVdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtHikmII1pBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hy5TAGaxzgNgpfQZrABALcXM0bbm4jk3gxOIGQwDpEBe6"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxXNiTZBq0tf1JcR2JNcmTm8O178gvNEitHm-lfEv_cojNPYbg-MoOnAOe94z66mlYG6QLDHHKltBtoUYzYLvAW52ZRD6qg9f4_OgdMp9r-5rDySgQQWvfUWU-W0_eLsg4qW_5S7zQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 145ms
145ms Script
application/javascript 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXNiTZBq0tf1JcR2JNcmTm8O178gvNEitHm-lfEv_cojNPYbg-MoOnAOe94z66mlYG6QLDHHKltBtoUYzYLvAW52ZRD6qg9f4_OgdMp9r-5rDySgQQWvfUWU-W0_eLsg4qW_5S7zQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4NDE1NDg5LDkzODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsIm9IUUI5T2U3Q1U0Il0sWzksIml3Il0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

b31fd8814967c5b9425925e2681bf9970568ffb39891330e2397c2113dcb4c33

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eCpj0rnNugRwW9PQfN4j0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://www.babup.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-eCpj0rnNugRwW9PQfN4j0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjmsKoxSXF4K4hxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ySTw9SWTBBBrAfE7yVdM34B4h48HC9-66ayG66ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYQIP6cOYP1NxD71M9gjQNiIW6Opi0X17EJNMy4yAMAlX1DaQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxXiOa8_zUSOczZi6MFuFaddjD92yijbfpu2gJyHhql6hG3AtIqZAQLa3ErED6RH7sgk07_U-s4Yh-hFPIRtU_X3DeVJVrH958JpMNPTAqD9dTw-FJ1Ye2htNfuM2qvtjonft5dfeg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 128ms
127ms XHR
text/html 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxXiOa8_zUSOczZi6MFuFaddjD92yijbfpu2gJyHhql6hG3AtIqZAQLa3ErED6RH7sgk07_U-s4Yh-hFPIRtU_X3DeVJVrH958JpMNPTAqD9dTw-FJ1Ye2htNfuM2qvtjonft5dfeg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1wzx1uYycu7iAFvhHTDoiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-1wzx1uYycu7iAFvhHTDoiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtHikmLw0pBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hy5TAGaxzgNgpfQZrABALcXM0bbm4jk3gw7cfvgDpkBjA"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.babup.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUdUF3lkJJYqk76kPZDitho8GYlQFc2qqEMKMf_KYSH2naot9l3mEOZ6awp9SSuumwh3o0UyEpa8XnJW97wsIZCqLkJ2H3yq6GPHj-6_eRj4eJrSj0GVaVbm6Lqh5fVpyqHPH8QOQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eKHZP1fanVYAwSLYwd4ouA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.babup.com/
accept-language: he-IL,he;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 20 Feb 2024 07:51:30 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eKHZP1fanVYAwSLYwd4ouA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtHikmLw1pBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hy5TAGaxzgNgpfQZrABALcXM0bbm4jk1gx89ncQDo4xiL"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://www.babup.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1B7F 42 B
64 B 147ms
146ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuaXvPwf_lyR-aQ84FqQmnUDS8B_BQ4eN6C1DGPE8QoANF3FNnDqctESbV4nfVTXsoB7MjM8wCyoVoadkKP-Pm60FueAx9xtk8KWP8QiJHtbjxGLzY9XZJgGkUrZbizIqNq3C2ANlDnP-TDE2kvf2vNeT0mNtm5_8_y98CB9m8n7JKnAk4RC_VyadK9Qa0K1C2aWT9WfOPcAIjybQAbmLd0vQdGojiihILJPut084cjame_lnuTWobylsdF_B2BX5G2_PYAWDQ033bUn4FMQvUFy5h39Q8TncXcqDxEi9m8rCbcu7kwAszQCkUYIpvCOhuHY9BPrwTuUNQu-W-VwgPLGiJYO_9ELYpqbW__V7VglgRWK_461wzkx5EXtn81O9Yjzyg3W28PN3KFkLisIfSRcwh4KbTxax3Z8jdntWlBu3B-WMELBg3d5y1JNYIR-w1UMZvMTw7uDw-PIs3dsyutdGs_VwKgbejdHkAzaBY1Hao1MYi1uJzIf5DtTm1dbdE8ML_72mdBL0XB3cQJG-WjSyFhBnHfvXQMWWf884abUZ9SxTB8TPmRErHWBV9PpP8zo2kExI5Yv7Uh6XpXUtCbgEiv4zO4LnvgWb-hw7lVegXGCSJz7-Okdcr4fw73iFUGdxDfG6cMZC_GSGToi2Jq-jTf6uEIIPEEicuXu69fP2ML21I4mXgWXjqMt2BE_wLM8RFSh1bRen5R7P6idgtKjQi4TvnDg9z3pNp0fn1KUotkRrn-ZCKomiLH7uTpwf6buCI_CxMlDJlOtiuVAaak-N1rHTLTFxo5wJy3w_ZdBm2fJjVmdJ5NUTwnNAqsHOXyfTZnxcDn4huNQX4RcgWlVUgzbqnqbkRUpYqnP4L-uyqx7wOCzKMXF6vwPdU_C42CsdzyHzFxo3ySX1sEZLj-K9Py15J18Xc-T_PywtF_AaSwztpO670YKcHM8ruvEdMSYnv5KpD7Mf_9iteNWzuo9u89nc3buJQV8EYPitymWrI7gE8XuJG03GHTpD82KvVth4bnHqoDqfVD8qzTDFz8FJHFWkmi4RsTH9E39ehO8oZqpEzs2uTrC15nFnVF8a9YZw01EC72HXEMneTZSXqkD72mx7kGn0LeC9Z6dQjrI7FMHusMa4HAGDZcCfkctI5d70g&sai=AMfl-YRaSz-eUbMkf9TzOj5WDgoEY_1eSzboITc-tpxNI9_CODJRrDKiyiKa2hNTwEdivXH2TjwfEDDoeveYwO78WngkNSR7vASQABTT-PNRz9hojXq7UVDR1Q46gAKkHxLIC_4TPDe8UYGGM_CHcVTxUdwkLAeaImpnebzZlFM&sig=Cg0ArKJSzLdiWnv1CsDVEAE&cid=CAQSTwAvHhf_CD-6vQAVE2Cea2ajoi3QGOexvRPua5c2aTvv21Hz5a-0vCvqnhdZDLqQP24EdW6Tr2y85KPHl3gYiEsGnSx4GGXlFyS3Uhimbn0YAQ&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=450,1000,1000,1000,1000&tos=450,550,0,0,0&v=20240215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=434828900&rst=1708415488553&rpt=569&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2252 42 B
64 B 148ms
147ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssxDQaecziGeFfOIY0A35DQY5GtMvY-fOdXqWdmctm_eyRaMNf29bwh1b4LvFXGNhd4ZHx6iwVilH67ilbsdQ7rGNLc3dHyK6C8W59stMgQCRJuzOQjZCQ7s83FnOMqCVj5sBQjP745tK5iB4hnLrCtFte3bBiQj22mwqagiFj-IGtS-yZTFMn02BG2u-nVeNzYcamt3ANpVol3ISKEI6SVqMOTNCG-EOjgVh5XupMXSi8UQzpKzlx4gaswum5h6JeS_8b_00AGaNToORT3MOJr9q4acrqQ8PAHwxGiOoMCcSb_4kT2DlRZwJrbJBpwWlo5PNoaMwy9HBgTko3C9-AkFcvRDSeyHCY6DLFPFRDncLI9CfGjkna6KdguqPphy7KUkLbdQ1qQrdUsqPx3dpfNpv9J-Mcwfg5J7DtphYj03PElsCpyStwNQ2RzyihWDcwkAcOhuGojL9v8sB_coBUEf3k7uzN5DVcyNeO000soH709m2lhnhVNHowX3_N32aDUCLEWYjKbPhmYCQgy7stwulipnJ8aH8S2GfI1UeOrfas7v4QUegcjnl135wxplCov7wXp-ctxLfglyxT4XDO_A85ZneDnRKO2PuivQnh66ryR3i4a6Api15O44raSmarxJB2caMUlKT5aUDVE7MNQeHKGpUUOiCciHOjvR4VwwBkFGHj9iGeN3mD5fjVmcw2W4uPsYYAkhikCdApIk-tCRm-UX2MUzh3sx1ecxWYOg-xiFbA_tpKWN3ljhkm2m2PjlnF1UMhkPu0I2yQuMyJTK1AoC9PI-mEMnhGzUZfVXRFOjXapQo3qRPNbSWLUaAfCSzHwn7rJuJfAVOnc2B4wo_4WcrgX-O5XXP7v1wypm0Cx028WVreCrL2QqUIihya4irj8Z5sBc-Y7fCM8A1mtl1467Z2O_AaxHvt2dRTi_LrB4Wc6ad_hTnhtJzYff4X9hGx6-HTbst4B8sLElouZzr17BavuhDK3uzMItCdlsnwKQe6bLiiboABfRkAMILUXjThvmujsihQGKzluKLiRCHq8rD8gF-7Jq9kgHmhIKu9tp-M6RlWgpl_bSUbdnBla7Uma6tvbTvTY2c5Ba_FPgDkoYoxjvR7P0PnL11UFRqZl3vFCnxj0FQUP9en2cOj1vA&sai=AMfl-YTvTUckSPyTPJttPoJUCRHvJ6nfiwbSgur9Az_n2JHrgr5n_sHGbUsbEKMCT5VNTXAkTjlleJhfV-Rz2WMfWp6GBBy6fFWU0HfTsrmClK-51qSkGQXA0UEKmRapUBG7uy1HCAiBVW2CXtVOum6ZvmvywLpz-RO-Z6gs1do&sig=Cg0ArKJSzA5jM1vOh9uGEAE&cid=CAQSTwAvHhf_CD-6vQAVE2Cea2ajoi3QGOexvRPua5c2aTvv21Hz5a-0vCvqnhdZDLqQP24EdW6Tr2y85KPHl3gYiEsGnSx4GGXlFyS3Uhimbn0YAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=434828800&rst=1708415488548&rpt=570&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FDC5 42 B
64 B 148ms
147ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstAI069x0KjAXl4C-e23wl-Hx5VE2Vrld97fKdRZViIe8tF4HQqIuJW-Lu-GRg7h-SMo63IH5llD39GKUvfZDdGizpV5fdcFcWt8YSSbWEOV0l9tkyKE9wGAUXj9eX_8EfzohX62NdAqDd4n42TnVSYBhyCvH2d5hJA6zP5ph1wflGUUaPtlBqogwyjbpNgGks-oWNMoC21s0UlYz8TXCHybWpKDiWbuOgV0VfGlXTDj7AHCs4VV1yo0FQOgzfgpxYq8Pe2Brj8GiXVYjbSIfI7zHZOSLGqM8zkD0nG4daA4IztPt9f9UPm_upwBN1e0xotC1LfENNVCDxMInmt1P0pqXXRl8ruNX99fplOBFw36pGCUUHmIoRCLIybzCZKH3W801p02UOcH85EtfGKSsAoFhUqGQH5jz_gFaDshqo4ivXm43P1LcFNJC5PFGoDaAyV_opxbU81NvRxZIRkQu4Y_zefK1wN9baAAayUTUsKA91cDr3LLf9RbW0NqNPZQmSvKT0U-rrdOQKNj2sHqVAPeveSPgLYcgnxMYiMQY9yfoOt56zu13_E6X1jGowB93PeI-WBZCBwinouqpuo89_ygwhqIUu3W3A5gCGuEv_SUOzekCJnbO7udacW_m-Vh7chVz0i_f9XYCMfBD9rDlyKSD8yOHWHFQJ8_e2Gols4Mb8KLhWwMLcnFXjCmm7a1miJPsjAPb1n_HSdPZ1CiX4yV90ZQLtsJOmB3OBYqaxlWtQ_vBviqW4bRmgmLNcgOTkYhHDyxgiPSnpXOS7F4STmti_1dS2_MYbP8_EfBv2ePEh2e-pkzVuXteFt_aSGF7tE46QHXBbsE5ik3bSjHvmwe-pt7GIiM4y-fkkgY2mFiXxnDIezR0KankyaFubUHF_HJ7xQPXr1GNb1TkFpyDqsxD3gYuAqo8f4z1iGFfmYyLva6Z_lg8eFq-KHv90nNHtSLxj2ggCZsP-zlFIZrFeptj7KikdIgHc6hKn5dnTcO7JeoRTtAkq_GBPGju8glSKndr0jv8FTSz9kkgW0z8aagQ62QFg9L0v0MHP1Lo13DwYZfqJJ1tnPYTpZqTIzl-3u1narVkz9nRJ4_YxT_OlvQ195_LNK7x4j_4Fk4WlhmVY3L-p5LKQyL5e9SRC4pi39&sai=AMfl-YRfzrIsESaKVnslVZnKO1WjK_zcadjod41Soh6zojFT3-FOk7KJBAgaz9lrE2SU7FgRCvqIFkNkOENGODcCUIC-5XXrYP-2r6DjbDMR_iIZPYz16ya5elVu0WOpespqy6R5-kZ4hLw8CFmtWT9eO6iAZszr_d6gezDMxL8&sig=Cg0ArKJSzPPEdATUwa9kEAE&cid=CAQSTwAvHhf_CD-6vQAVE2Cea2ajoi3QGOexvRPua5c2aTvv21Hz5a-0vCvqnhdZDLqQP24EdW6Tr2y85KPHl3gYiEsGnSx4GGXlFyS3Uhimbn0YAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240215&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=434828800&rst=1708415488552&rpt=569&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: he-IL,he;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Feb 2024 07:51:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d

Domain: www.file-upload.org
URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a

Domain: certify-js.alexametrics.com
URL: https://certify-js.alexametrics.com/atrk.js

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.file-upload.org/	1969-12-31 23:59:59	Name: visited Value: visited, visited_expires=Tue Feb 20 2024 09:52:24 GMT+0200 (Israel Standard Time), path=/
.babup.com/	1970-01-21 04:09:35	Name: _ga_3T7TKCZCC9 Value: GS1.1.1708415486.1.0.1708415486.0.0.0
.babup.com/	1970-01-21 04:09:35	Name: _ga Value: GA1.2.1213527405.1708415486
.babup.com/	1970-01-20 18:35:01	Name: _gid Value: GA1.2.172799496.1708415486
.babup.com/	1970-01-20 18:33:35	Name: _gat_gtag_UA_119779859_1 Value: 1
.babup.com/	1970-01-21 03:55:11	Name: __gads Value: ID=9158258ddde88272:T=1708415486:RT=1708415486:S=ALNI_MZF4zrK7DclzoQ_Uck-KWoIyf8TmA
.babup.com/	1970-01-21 03:55:11	Name: __gpi Value: UID=00000d5ccfa30708:T=1708415486:RT=1708415486:S=ALNI_Ma_h46QlglowNzg_y5qYUCNPBi6LQ
.babup.com/	1970-01-20 22:52:47	Name: __eoi Value: ID=2650d2239007434e:T=1708415486:RT=1708415486:S=AA-AfjaCB6IUF9pTtrCCIrIgAZeU
.doubleclick.net/	1970-01-21 04:09:35	Name: IDE Value: AHWqTUl41y8WNj6fOWTnwIvbn0npHWsGiwHAz7mr66pRCYvuF4YQ78M4njl-fBGx1U8
.doubleclick.net/	1970-01-20 18:33:39	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 20:43:11	Name: ar_debug Value: 1
.babup.com/	1970-01-21 03:19:11	Name: FCNEC Value: %5B%5B%22AKsRol-BkqaDQDIXvaU-HrgtQX-eqoMnfQW1dX419iAy4iKBTQLf0CpyFys0XBoa4QERm3fyfiofSRUngBXKDw0ycWlta0vWutpIKMj5VX-ZXxBSG_Oz-9ZHzeiS6kfh8AFXVB07mhOeq8DFGeMM9KXZsAWjHmjYAQ%3D%3D%22%5D%5D

83 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://certify-js.alexametrics.com/atrk.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript	error	URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4 Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4 Message: Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.babup.com/file.php?get=gxbzwmkj6mv4 Message: Access to font at 'https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.babup.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
ajax.googleapis.com
bid.g.doubleclick.net
certify-js.alexametrics.com
cm.g.doubleclick.net
connect.facebook.net
csi.gstatic.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
images.dmca.com
imasdk.googleapis.com
pagead2.googlesyndication.com
r3---sn-ua87zn7e.c.2mdn.net
ssl.google-analytics.com
tpc.googlesyndication.com
www.babup.com
www.file-upload.com
www.file-upload.org
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
certify-js.alexametrics.com
www.file-upload.org
142.250.115.120
142.250.181.232
142.250.185.162
142.250.185.170
142.250.185.66
142.250.185.78
142.250.186.131
142.250.186.161
142.250.186.162
142.250.186.174
142.250.186.34
142.250.186.74
142.250.186.98
142.250.186.99
157.240.251.9
169.150.247.38
172.217.16.138
172.217.18.2
172.217.18.4
172.217.18.8
172.64.151.101
185.89.210.46
188.114.96.3
188.114.97.3
64.233.166.155
74.125.98.72
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
03fd4e0f5af4bb78efd48c23c0b4c10cf5540c763d44edd6c5ef50e2e361d3b8
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd3e64a75f43409aa3141f35c5d1bd599773aec49d61aaa02522dbe6101c247
0e33434b042c688fa1972d51e9c103fe592fca7a4dd50358c08449c7b0f5cb4c
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
16afd10c5c7dc7e0002b26134df5ae508a7856f7ea6aa136d67d59acd5eeee84
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1844b89b65fac45187ad45afef1672e645dc83425d7d26ddac84dbe458de7a7d
193ec9ef1ae295ac0b2cd35dd3251c1e0e10f12e2d26adc463e3a18836a0f2f9
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
245cec0922828c15b3709eb696bb5a565f2f911f71e242024570698701c9540c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
29c93b161db651fe77e7d3dece7d5e3a9628f04ed486165cac23368ef46c5600
29ef35d4653c0fda0fd74b8cbb9e040ea5ae2390c608e8c2eaf34819c649d9d6
2a12edc6ec3fd87045c1a1c9947c48ccd02164ed45b3f12edd1eec940c761bdc
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
357deeea18950b1ea4106557c3c32a1607e624d7723c98091a6574ce1ae51528
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
3ee4fb37951fdeb6b41843ff93de4c099d7a7ebcfa982352b7348f96de305ca5
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8
42cb6e9418b38463397378ace4fbf5ef9d58814c96c3f121d19e766f99327e25
473f98fc0967c2c122456fc402d7db00d57d3fe3b46a12d075d10eb26a55dd5b
47ce859f7f0f545825c8ab983547bbf88d0de3f52afebc7a1ccc0611661df70d
4d196aab20ec653c7f7dfc1e03cc9e2e3dd7f36ab63d756f7c436c93b26c1007
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
56c2a189b6dcdebf08b55d1394433c5a580f7b89e3abe02415d37f9e017a894b
5703b76412c27612085e569f57b0b34c7789fb9e5e7d90d17c1cc029ac8a0ab9
58aa3dcc78b117e68fda2e9d89705dfa9bad10b5041c95cb141bea1f8672f1e2
58c7b6bffabba04d72d8077b9efcfb4f7a6478b9e66c5b07a3a32e3cda3b1877
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d9f40b307cbe50c44c2e348601f39e06cbd8130bdff0ea2543f0556909364e5
5f817a5ef3f070ce44dc957dcb0579e6f14aa5aef2c51dd98edd9107fe4f0550
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
716b2a35acfc8e6a247c9e4d9e3c32dc2354b3a8a6e6481835a64b783a5ba4a3
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
7cf0f0c633ae481804aeef3e87bf5955c55c7988f77e8f101d01981b794bdc4c
83de3098eea2b98c56fdfeb0c629457592332865bcc8c69afbb4ff698febed4f
841f365e0540df77f892242a962098480625d80f10e380bfb93329a027978632
84d20fdbf9026581fa432a64ebcf1f131fd4e82e66a8d4caa2c0dad9c1ada086
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
90f9a91537423a9e17366a961119b51733c8d4a1e5b40fa8c535e1f0f812d3c0
9a8a09f97d4c0bc8c5f9a3f133737638c207986c9225e39afd7a5a750f71b3d4
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
a293858037c26780c417f84bbfd6f8a04cc62efb032d02cda106b285d1eaff96
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
b0aaf31cfa43bd5ebc3969c2ab627a26e3b0d94eb5c9e9b08f2d41ded339d00a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b31fd8814967c5b9425925e2681bf9970568ffb39891330e2397c2113dcb4c33
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
c3041f1efdd068a183d11ad2be6e7804bfe4fd11a6ffbf3c8de0657c8c044d6a
c45c8b81ccfcbc08127b74787d1b5974078756233de947986c357e28ed8f13ac
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d160d8d2c86d0352669c8adba3c48554e2ca62f3f19fe6acf1128773cc931c05
d3d3735e6f3278b24d9a20fb50db72c37c0bbcec41fb32554e3fe9bc33468e22
d3f4104957e76483acba4180738253208fd8d4d81c64931244860514af502b82
d7500501bbecebe29bdcdca5b2dee498986b09dde3dee7540ac73b6d37499ea7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
df64f6c124834e3389fa3839270ebf025d2a2880227a82b64bd0a44ddc58233d
e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b16276c4587cd936631604517b0fbd6be02877418445ae5ae42e25cb8ece40
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
eabaecedae11d29e49159e596879f2c243163f361525f2d35f09c053788cf79b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c5d83ec3c5cbc75ab6af15e4aa014764df3b9704614a8babbd707615c52a3f
f17e4508470310b98ce20e740d4eb1f88c59f4982a516ef254cb0e4139b9bd45
f27f803cb1f9a3691da9a391ddb754b9872f8cdecd4a8ee3918183f3723fe9d1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f837509cbb7ce626d0a03a099f9a018ee980e4dd8c76b6ae2fbf6c4df76f83c9
fb6761fb36c9f0fb07407410bbc01201a11e7835ff539f930882574d4b98e43e
fe52b1bfdf57839c3ce37204306ab9b9b3a3a2af7fc1468ecfee01e65efb552f
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

www.babup.com Open in urlscan Pro 188.114.96.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

188 Requests

91 %HTTPS

0 %IPv6

17 Domains

29 Subdomains

26 IPs

3 Countries

2554 kBTransfer

16914 kBSize

12 Cookies

31 Outgoing links

Page URL History

Redirected requests

188 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.babup.com Open in urlscan Pro
188.114.96.3 Public Scan

Screenshot
Live screenshot

Full Image

188
Requests

91 %
HTTPS

0 %
IPv6

17
Domains

29
Subdomains

26
IPs

3
Countries

2554 kB
Transfer

16914 kB
Size

12
Cookies

188 HTTP transactions
5 data transactions