Submitted URL: https://www.file-upload.com/y5lr3w1ctduh
Effective URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Submission: On January 13 via manual from DK — Scanned from CH

Summary

This website contacted 38 IPs in 4 countries across 31 domains to perform 268 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.babup.com.
TLS certificate: Issued by GTS CA 1P5 on January 7th 2024. Valid for: 3 months.
This is the only time www.babup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 7 188.114.96.3 13335 (CLOUDFLAR...)
22 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2400:52e0:1e0... 200325 (BUNNYCDN)
4 2a06:98c1:312... 13335 (CLOUDFLAR...)
39 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f08... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 22 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
35 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
4 142.250.186.34 15169 (GOOGLE)
11 2a00:1450:400... 15169 (GOOGLE)
6 18 142.250.186.98 15169 (GOOGLE)
2 4 104.18.36.155 13335 (CLOUDFLAR...)
4 6 37.252.171.53 29990 (ASN-APPNEX)
4 6 34.98.64.218 396982 (GOOGLE-CL...)
3 172.217.18.102 15169 (GOOGLE)
3 23.55.230.179 16625 (AKAMAI-AS)
3 3.160.196.34 16509 (AMAZON-02)
3 143.204.98.57 16509 (AMAZON-02)
1 2620:1ec:46::63 8075 (MICROSOFT...)
1 184.30.16.183 16625 (AKAMAI-AS)
28 95.101.148.38 16625 (AKAMAI-AS)
3 2600:9000:244... 16509 (AMAZON-02)
1 3 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 185.89.210.82 29990 (ASN-APPNEX)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
5 3.122.79.60 16509 (AMAZON-02)
9 130.211.115.4 396982 (GOOGLE-CL...)
1 1 165.254.203.172 2914 (NTT-LTD-2914)
1 1 20.230.171.39 8075 (MICROSOFT...)
1 202.233.84.1 ()
2 2 64.74.236.191 22075 (AS-OUTBRAIN)
1 1 54.146.46.22 14618 (AMAZON-AES)
2 2 35.157.103.71 ()
1 1 35.186.193.173 15169 (GOOGLE)
268 38
Apex Domain
Subdomains
Transfer
74 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
824 KB
43 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
cm.g.doubleclick.net — Cisco Umbrella Rank: 260
ad.doubleclick.net — Cisco Umbrella Rank: 163
243 KB
36 flashtalking.com
servedby.flashtalking.com — Cisco Umbrella Rank: 954
cdn.flashtalking.com — Cisco Umbrella Rank: 1296
ad-events.flashtalking.com — Cisco Umbrella Rank: 1404
stat.flashtalking.com — Cisco Umbrella Rank: 1445
secure.flashtalking.com — Cisco Umbrella Rank: 2387
278 KB
22 file-upload.org
www.file-upload.org — Cisco Umbrella Rank: 864914
550 KB
14 google.com
www.google.com — Cisco Umbrella Rank: 2
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143
70 KB
12 ad-score.com
js.ad-score.com — Cisco Umbrella Rank: 3066
data.ad-score.com — Cisco Umbrella Rank: 2906
488 KB
10 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 253
cdn.adnxs.com — Cisco Umbrella Rank: 1783
ams3-ib.adnxs.com — Cisco Umbrella Rank: 6829
35 KB
9 gstatic.com
www.gstatic.com
fonts.gstatic.com
109 KB
7 file-upload.com
www.file-upload.com
2 KB
6 ftstatic.com
ajs-assets.ftstatic.com — Cisco Umbrella Rank: 1744
agen-assets.ftstatic.com — Cisco Umbrella Rank: 1473
86 KB
6 openx.net
us-u.openx.net — Cisco Umbrella Rank: 524
1 KB
6 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 230
389 KB
5 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 369
fonts.googleapis.com — Cisco Umbrella Rank: 28
33 KB
4 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622
2 KB
4 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 145
4 google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 570
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2029
38 KB
4 babup.com
www.babup.com
14 KB
3 bing.com
www.bing.com — Cisco Umbrella Rank: 53
5 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 174
176 KB
2 mfadsrvr.com
rtb.mfadsrvr.com
2 KB
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 626
1 KB
2 createjs.com
code.createjs.com — Cisco Umbrella Rank: 1669
125 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
148 KB
2 dmca.com
images.dmca.com — Cisco Umbrella Rank: 15449
10 KB
1 ctnsnet.com
ius.ctnsnet.com — Cisco Umbrella Rank: 7224
667 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 730
1 KB
1 microad.jp
aid.send.microad.jp
641 B
1 walmart.com
beacon.walmart.com — Cisco Umbrella Rank: 6155
978 B
1 mxptint.net
aep.mxptint.net — Cisco Umbrella Rank: 6019
787 B
1 microsoft.com
adsdk.microsoft.com — Cisco Umbrella Rank: 4271
38 KB
0 alexametrics.com Failed
certify-js.alexametrics.com Failed
268 31
Domain Requested by
39 pagead2.googlesyndication.com www.babup.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.file-upload.org
www.googletagservices.com
35 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
www.file-upload.org
22 googleads.g.doubleclick.net 2 redirects pagead2.googlesyndication.com
www.file-upload.org
googleads.g.doubleclick.net
22 www.file-upload.org www.file-upload.org
www.babup.com
18 cm.g.doubleclick.net 6 redirects googleads.g.doubleclick.net
17 cdn.flashtalking.com ajs-assets.ftstatic.com
11 fundingchoicesmessages.google.com pagead2.googlesyndication.com
9 data.ad-score.com js.ad-score.com
8 stat.flashtalking.com
7 www.file-upload.com 7 redirects
6 us-u.openx.net 4 redirects googleads.g.doubleclick.net
6 ib.adnxs.com 4 redirects googleads.g.doubleclick.net
6 www.googletagservices.com googleads.g.doubleclick.net
www.file-upload.org
5 ad-events.flashtalking.com
5 www.gstatic.com googleads.g.doubleclick.net
4 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
4 www.googleadservices.com
4 fonts.gstatic.com fonts.googleapis.com
4 fonts.googleapis.com googleads.g.doubleclick.net
4 www.babup.com www.file-upload.org
www.babup.com
3 secure.flashtalking.com www.file-upload.org
3 ams3-ib.adnxs.com googleads.g.doubleclick.net
cdn.adnxs.com
3 www.bing.com 1 redirects googleads.g.doubleclick.net
3 js.ad-score.com ajs-assets.ftstatic.com
3 agen-assets.ftstatic.com ajs-assets.ftstatic.com
3 ajs-assets.ftstatic.com servedby.flashtalking.com
3 servedby.flashtalking.com googleads.g.doubleclick.net
3 ad.doubleclick.net googleads.g.doubleclick.net
3 www.google.com 1 redirects tpc.googlesyndication.com
googleads.g.doubleclick.net
3 connect.facebook.net www.babup.com
connect.facebook.net
2 rtb.mfadsrvr.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 code.createjs.com cdn.flashtalking.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com www.babup.com
www.googletagmanager.com
2 images.dmca.com www.file-upload.org
www.babup.com
1 ius.ctnsnet.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 aid.send.microad.jp googleads.g.doubleclick.net
1 beacon.walmart.com 1 redirects
1 aep.mxptint.net 1 redirects
1 cdn.adnxs.com googleads.g.doubleclick.net
1 adsdk.microsoft.com googleads.g.doubleclick.net
1 region1.google-analytics.com www.googletagmanager.com
1 ssl.google-analytics.com www.babup.com
1 ajax.googleapis.com www.babup.com
0 certify-js.alexametrics.com Failed www.babup.com
268 47
Subject Issuer Validity Valid
file-upload.org
E1
2023-11-23 -
2024-02-21
3 months crt.sh
images.dmca.com
R3
2023-12-09 -
2024-03-08
3 months crt.sh
babup.com
GTS CA 1P5
2024-01-07 -
2024-04-06
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-10-22 -
2024-01-20
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
www.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
servedby.flashtalking.com
DigiCert TLS RSA SHA256 2020 CA1
2023-09-14 -
2024-09-14
a year crt.sh
*.ftstatic.com
DigiCert TLS RSA SHA256 2020 CA1
2023-02-06 -
2024-03-08
a year crt.sh
adsdk.microsoft.com
Microsoft Azure RSA TLS Issuing CA 03
2024-01-08 -
2024-07-06
6 months crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018
2023-08-24 -
2024-08-24
a year crt.sh
cdn.flashtalking.com
DigiCert TLS RSA SHA256 2020 CA1
2023-05-04 -
2024-05-03
a year crt.sh
*.ad-score.com
Go Daddy Secure Certificate Authority - G2
2023-09-02 -
2024-10-03
a year crt.sh
r.bing.com
Microsoft Azure ECC TLS Issuing CA 05
2023-10-18 -
2024-06-27
8 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
tls.adobe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-02-08 -
2024-03-10
a year crt.sh
ad-events.flashtalking.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-08-17 -
2024-09-03
a year crt.sh
*.send.microad.jp
GlobalSign RSA OV SSL CA 2018
2023-10-03 -
2024-11-03
a year crt.sh

This page contains 35 frames:

Primary Page: https://www.babup.com/file.php?get=y5lr3w1ctduh
Frame ID: 30E186BCEBFE16DE666809F39BD76BC0
Requests: 60 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/zrt_lookup_fy2021.html
Frame ID: B03462F70EDCED0CB0EC214B7C91FD37
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1705104717&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717283&bpp=3&bdt=250&idt=235&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2296480671586&frm=20&pv=2&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=246
Frame ID: AFCFABEFF4669694139794480BE642C1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Frame ID: A2F3044112DD7D5EE616498CB0F17760
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Frame ID: 2E633E5964489F875120064D517F48E9
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717288&bpp=1&bdt=255&idt=251&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=253
Frame ID: AF1E020C91A22DD1C390052243BEA901
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 440BB85DE15468AF8C644809DE4C24AC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EB59D6ADC9B8D448529D5AFA062F4175
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
Frame ID: 232B7A407F03C15CFBFCC4B172DF3AF5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
Frame ID: 1866CC7F97947D28FEDA7B63CA1FBB24
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Frame ID: 715084B69955B8258C357CD14E83CA4C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=50
Frame ID: 6B5C7D1E654D67D5008009A2292AE21B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 7F8ADFFF070C31A14631CC7EBF483CEA
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 01AD670F3EF95B82DE7C461BA23941B4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 9A5C59832FE3FF4A7602F39C5F3BE15E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 9F2062BD7A4B5E36C68ED3493AE51C9D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNV76QvdYdzjoIwJgiIM33ghCzxRtFgjXushfd3U2GbLa6Lj0J87uJ07wR_NL7NU3ZsZc3wJqIb4HghpV4J5OjVRWMmYAQ
Frame ID: E0C099A2020A5AFA939E7705CFF014D4
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: FFA8257E5AD9BF4465390175A735AD28
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNUEC0KEsuaTRUFKGbXv61Z42JyQUewcOAlgDZdaLJYd_2_x7zwUuKxmsIu3G2swTqserBm5GVZ24TLYds8BOG8memweXQ
Frame ID: FFF0B2F92A8D1C415211D487C10D2027
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 9383A020AE7BAC876AB45102AF983748
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYsYqKggIwAQ&v=APEucNUbCHF0ZKiTaVqNPDTu-YPEdtdhajMsZsym24oJTCqNutIVTS-2zoOoJNI8usizyx4V4gJjNq0LrbvqBI5vN-PJJ4Up5Q
Frame ID: E014691FD25248449FA6584A8153BAF4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 61B7F0210DB1C617FA07CDA94BC31B9E
Requests: 32 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 99008A7371915827B7A8670B02104A7A
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 440B6881D00F26D545A80824FEC978CB
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 63698B14A0C21E33526E412C35006D2C
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
Frame ID: 86DAE284556F730C2E007C308C1FC8E1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 477F6DFCE92CF47E0DFC4010B0E9EC8E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F383D052F1333683752C1048A222A072
Requests: 3 HTTP requests in this frame

Frame: https://adsdk.microsoft.com/native-to-display/sdk.js
Frame ID: AF73C85410C70AA9B7EF7EB6401119EE
Requests: 13 HTTP requests in this frame

Frame: https://cdn.flashtalking.com/116327/4064125/index.html
Frame ID: 252E04831A28D8F85900CAD48194A35F
Requests: 6 HTTP requests in this frame

Frame: https://cdn.flashtalking.com/116327/4064128/index.html
Frame ID: 35C08CAB03AE7AF0CA14AC08BC397B69
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 01A2CC3C31FC41584CB11AF9E84838A3
Requests: 9 HTTP requests in this frame

Frame: data://truncated
Frame ID: 45FC3BF8EA1CB62D46779A0434A55DE1
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3F2CDAF31B61B7AADA21B6C048278A82
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 24BD4C29F41C0F47AD45AF743909E3FB
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

File-Upload – forex-article.store – FileUploadFile-upload

Page URL History Show full URLs

  1. https://www.file-upload.com/y5lr3w1ctduh HTTP 301
    https://www.file-upload.org/y5lr3w1ctduh Page URL
  2. https://www.babup.com/file.php?get=y5lr3w1ctduh Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

268
Requests

85 %
HTTPS

50 %
IPv6

31
Domains

47
Subdomains

38
IPs

4
Countries

3656 kB
Transfer

10299 kB
Size

31
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.file-upload.com/y5lr3w1ctduh HTTP 301
    https://www.file-upload.org/y5lr3w1ctduh Page URL
  2. https://www.babup.com/file.php?get=y5lr3w1ctduh Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.file-upload.com/y5lr3w1ctduh HTTP 301
  • https://www.file-upload.org/y5lr3w1ctduh
Request Chain 13
  • https://www.file-upload.com/mngez/css/app.css?v=1 HTTP 301
  • https://www.file-upload.org/mngez/css/app.css?v=1
Request Chain 14
  • https://www.file-upload.com/assets/images/logo_new.png HTTP 301
  • https://www.file-upload.org/assets/images/logo_new.png
Request Chain 16
  • https://www.file-upload.com/mngez/images/anti1.png HTTP 301
  • https://www.file-upload.org/mngez/images/anti1.png
Request Chain 17
  • https://www.file-upload.com/mngez/images/anti2.png HTTP 301
  • https://www.file-upload.org/mngez/images/anti2.png
Request Chain 19
  • https://www.file-upload.com/assets/images/norton.png HTTP 301
  • https://www.file-upload.org/assets/images/norton.png
Request Chain 27
  • https://www.file-upload.com/mngez/js/app.js?v=20 HTTP 301
  • https://www.file-upload.org/mngez/js/app.js?v=20
Request Chain 67
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C3qJvTdWhZZeQJqSsi9YPj-6pwA7fi6OpdYrli9PDEpSzkeGKQhABIIK6uHxg9QWgAaWh-9oqyAEJqQIRJ-Q3hmGyPqgDAcgDywSqBMIBT9BI30A4toWBtW8BPuv43CpmIWj8ivqBzMa59IZEpGSCaQTP11REHW1vJNa0Q2fBPiuYmZiWbvVgjBg0l9k726JauqLO21h5ZXTBCY7O_H174PqlCXBNhpjO-J0sJ-kjLLvnrR9IXvKcWs2jGQtvIFMQtTktuFCA_A_yTJmx7Sj-Dy_Ui1lR672aDRmW8Hi3mUkt0JpLCvnSgfx3Hio_WMqujNKGWkVwYkeBsi0Wxem3OrPIp4593m0WwRZDBU5r99jABNLJlIDJBIgFoKTV9E2SBQQIBBgBkgUECAUYBKAGLoAHpdnLugWoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBDr7RDSCB8IgGEQARgfMgKKAjoEgECAQEi9_cE6WMfC-oeK2YMDmgkiaHR0cHM6Ly9jaGUubXlhbWF6aW5nd2ViLmNvbS94N3Q4aYAKAcgLAdoMEAoKEODOjrWX347PahICAQO4E-QD2BMM0BUBgBcBshccChoIABIUcHViLTkxNzY1MjE4OTgzNDE5MDkYAA&sigh=mLWqaoKXqkY&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_DWtkQJEiKbcq3QsExNZ0W_HNC6RAliiKzXTKuEjhWyZyMuDIKBZYGhC4L-osLf8fiIEXQcFQKu37K2xu_5mqXdqKd6Yo0ATYdMwYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x98ae83fd8f2fff0000000000000000%22,%222%22:%220xe380dd21f76f6fe0000000000000000%22,%223%22:%220xb529bd9a4942bf010000000000000000%22,%224%22:%220x9efbaffe65e814b20000000000000000%22,%225%22:%220xe22252b7ddcd37f80000000000000000%22},%22debug_key%22:%228431152338533916319%22,%22debug_reporting%22:true,%22destination%22:%22https://myamazingweb.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211465052325%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212312182097066176801%22}&andc=true
Request Chain 86
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CICVXTdWhZf2lJq7ptOUP4_K8kATe-puKdbT35_nsDpCSyePCARABIIK6uHxg9QWgAc_h-9IDyAEJqQIuMb0Ryq2zPqgDAcgDywSqBMoBT9BmbmvpC6yrAl4c6gatcpdAinDbMW-LaMKTsBuEDFyInLLGEVDcbZxWvvxO6kRSAO9BR_uKEGTKV634V63lYPocehvPuKo7TjnZ7uWzp6geZ-lZQkTty1iRQpBvT2c1wIcIHwFEkYTXXIkUF8sMmvP_3BUkOvb95XmftehYgMCpPMnL-SdPyi9ooYiDawuWsc1DHszVVvC_N-mvgo9_J1fz-a0t13B2ZlMPa2KG1wFBLmzRjNnOrMqNefNok7mCjSh0cMIO2sAlu8AE0Kf9nNkDiAWcv5D7NaAGLoAHmZ6ELagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEKvMBNIIHwiAYRABGB8yAooCOgSAQIBASL39wTpYp876h4rZgwOaCTNodHRwczovL3d3dy5hY3MuY2gvZGUvcHJvZHVrdGUvTmV3LVBhbm5lbmRpZW5zdC5waHCACgHICwGiDAgqBgoErLqxAtoMEQoLEMCJ396G_5bDowESAgEDuBPkA9gTA4gUBdAVAZgWAYAXAbIXHAoaCAASFHB1Yi05MTc2NTIxODk4MzQxOTA5GAA&sigh=DVmzY3_PA1g&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_UNywO46V03lcJgP2qo-gtoyGwQm_U4Rv1srejGbAQC7LfVIoZUQP0KkoZBfUlwLEKcXAkHPMEPKX3_HqZ6P6aIG_6cKvJ9zXGBgB&template_id=484&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x35af551849e9af8c0000000000000000%22,%222%22:%220x4c18aa1cec8a15a30000000000000000%22,%223%22:%220x97bc8d1c4fd599850000000000000000%22,%224%22:%220x512489c30c7139450000000000000000%22,%225%22:%220xb5b9e8e5239047bb0000000000000000%22},%22debug_key%22:%225155900311005187620%22,%22debug_reporting%22:true,%22destination%22:%22https://acs.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22979300559%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223611148077843451921%22}&andc=true
Request Chain 120
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
Request Chain 121
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaHVTh7I1N-PS6MZyDTt3QAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
Request Chain 122
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
Request Chain 123
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
Request Chain 124
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
Request Chain 125
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDAxYjY2YmYtYTRiYi0yZGM0LWM5MTAtODVhZTE5OTIyNTQz
Request Chain 138
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
Request Chain 139
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
Request Chain 140
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
Request Chain 141
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWQ0ZmU1ZWEtOTdjMS0yNTI0LWQ2ZWQtMWE3YWJkN2IzOGI4
Request Chain 142
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 206
  • https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=ce3a31b0-b789-4f85-9d5a-1ad966023d3d&bidId=1&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=d7f0d34a-c0ca-4ff5-a4d1-f93b02958770&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_1-1-0%3F%26RG%3D786717e8c2714196a1124aedaa1bc021%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=6929499&trafficGroup=knaqe_3c&trafficSubGroup=zzf%3Aknaqe_3c_fae_qverpg&aid=5744354021638370275 HTTP 303
  • https://www.bing.com/aes/c.gif?DI=0&DIS=SB_1-1-0?&RG=786717e8c2714196a1124aedaa1bc021&SNR=1&GV=2&med=10
Request Chain 237
  • https://aep.mxptint.net/sn.ashx?google_gid=CAESEJLvIECpcM0CATC0KhEICo0&google_cver=1&google_push=AXcoOmRwdHFuTA-DIt5poz7KfFBFK_Et5_M1hYjE2HU43JRCRkQ9a7g7I_n60gM7wzW1op9pbb2WIJYF8n3wVOPBcRg3vaQCNL5Jgp59a8V1RuLJt96RBM4JqjmzU7mgQey2MfPyxJA2hxv22otrrWA3Nt2hew HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmRwdHFuTA-DIt5poz7KfFBFK_Et5_M1hYjE2HU43JRCRkQ9a7g7I_n60gM7wzW1op9pbb2WIJYF8n3wVOPBcRg3vaQCNL5Jgp59a8V1RuLJt96RBM4JqjmzU7mgQey2MfPyxJA2hxv22otrrWA3Nt2hew&google_hm=UjM1Q0E5XzEwRjMyOUE3Rl84QjhENzNCMg%3D%3D
Request Chain 238
  • https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESELUurQLxj04gv3srbMUkU0E&google_cver=1&google_push=AXcoOmRR9iJ6qsti4BEEkWQzPLa8nXcWIYB-devFMGOwn_FfjtkVn082Gm6YmXBr2Lh3_YhyEQa8P9n2kngSrphVJM4VyFTyCehkBiazXE2EHA8phebJvV6aOCuf_-TdTRf2Rt4Xy-YkpA2sX3C0xp-rWZjArQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=YeffSlFlUUXv-s_Vd-jTfg&tap=gAds&google_gid=CAESELUurQLxj04gv3srbMUkU0E&google_cver=1&google_push=AXcoOmRR9iJ6qsti4BEEkWQzPLa8nXcWIYB-devFMGOwn_FfjtkVn082Gm6YmXBr2Lh3_YhyEQa8P9n2kngSrphVJM4VyFTyCehkBiazXE2EHA8phebJvV6aOCuf_-TdTRf2Rt4Xy-YkpA2sX3C0xp-rWZjArQ
Request Chain 240
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEPq1Wnw5ksDc9kaLUecsWcU&google_cver=1&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19Fzpbv2-y_NvpH_iYj1ool4_Hzd73yy0_p_yt3HVQekU7QfjsMQPlEtb5kp-tuLHNGko_bK5W6g HTTP 302
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEPq1Wnw5ksDc9kaLUecsWcU&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19Fzpbv2-y_NvpH_iYj1ool4_Hzd73yy0_p_yt3HVQekU7QfjsMQPlEtb5kp-tuLHNGko_bK5W6g&s=2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19Fzpbv2-y_NvpH_iYj1ool4_Hzd73yy0_p_yt3HVQekU7QfjsMQPlEtb5kp-tuLHNGko_bK5W6g&google_hm=eEdPbFRZR1p6RkJkS1hzOGxIbDk=
Request Chain 241
  • https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEIm-Fg98JcOJdJB_KxXHF1U&google_cver=1&google_push=AXcoOmSSadZsyJZkmya0RA3Uv4toESV5-BRWgg-VzlBnw4vhwm5NN_JQj7wl21UTJVHHHcVh9MRCSbw5U4AgYqoOVtsNDAyAVwu4x1JRpNQPUFXCplU3P1sjuokCidrfHwCa-AosxzP43eHcf1o_Gy7XIczQ5kI HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=kH8GmqA1X0l1b9rZNdpIFrAKahc&google_push=AXcoOmSSadZsyJZkmya0RA3Uv4toESV5-BRWgg-VzlBnw4vhwm5NN_JQj7wl21UTJVHHHcVh9MRCSbw5U4AgYqoOVtsNDAyAVwu4x1JRpNQPUFXCplU3P1sjuokCidrfHwCa-AosxzP43eHcf1o_Gy7XIczQ5kI
Request Chain 242
  • https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEKeGrS_FZeBgqh9WY_OwesE&google_cver=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fec73QoO5aytWolhyrI8wzYdhUD37r9EnIU2w1tpJN74gopWoHKDPIAV_CUVW3WmF85WGXWQLEt6vOctnzQHaIhP0UWetAQYVO_ahwCYgI3v HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEKeGrS_FZeBgqh9WY_OwesE&google_cver=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fec73QoO5aytWolhyrI8wzYdhUD37r9EnIU2w1tpJN74gopWoHKDPIAV_CUVW3WmF85WGXWQLEt6vOctnzQHaIhP0UWetAQYVO_ahwCYgI3v HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=Sin7ACeFR_qpRdwPNl7e_Q==&no_redirect=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fec73QoO5aytWolhyrI8wzYdhUD37r9EnIU2w1tpJN74gopWoHKDPIAV_CUVW3WmF85WGXWQLEt6vOctnzQHaIhP0UWetAQYVO_ahwCYgI3v
Request Chain 243
  • https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESECcJcpxiqIOnBqkAX4JTHVI&google_cver=1&google_push=AXcoOmT_l7ye0OHuY0Cuz2CgcgwRTuQcaAV8HhkRq5SA3FAL5qMsJvDZS4ogm77Dci0q4mS8ukA6i5WpnOuiwL7r6FjvoCyrlfBarllsShE0oGoczays-onLGgqYrBrqAvo5r6jT4rPoEFVngVFFn-V-d47cS48O HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT_l7ye0OHuY0Cuz2CgcgwRTuQcaAV8HhkRq5SA3FAL5qMsJvDZS4ogm77Dci0q4mS8ukA6i5WpnOuiwL7r6FjvoCyrlfBarllsShE0oGoczays-onLGgqYrBrqAvo5r6jT4rPoEFVngVFFn-V-d47cS48O&google_hm=R4zQzqvSR8yIDyOQGWJCPxc

268 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
y5lr3w1ctduh
www.file-upload.org/
Redirect Chain
  • https://www.file-upload.com/y5lr3w1ctduh
  • https://www.file-upload.org/y5lr3w1ctduh
27 KB
7 KB
Document
General
Full URL
https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
275c19cd05800cd895707c6ce228c8b502126b25a79e50a0ca6dbede77f1364f
Security Headers
Name Value
Strict-Transport-Security max-age=0;includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84496cbf4d2abb1d-MXP
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 13 Jan 2024 00:11:56 GMT
expires
Fri, 12 Jan 2024 00:11:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2BkkLCAOAoPPqxoCYugBLLBM2FztZ3r3Mmv%2FnIuszuliDEe8fAadNOffyhIqCA7T0UFhDTcRqF6UY%2F9oAfw416imzA%2FEoQCKSD1VJt07lvX14hAvILhGTUzw7MFuD%2BtIfWUUQV3Ga5sTm0Ghw5LjBwd0"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=0;includeSubDomains;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84496cbe9d3083b2-MXP
content-type
text/html
date
Sat, 13 Jan 2024 00:11:56 GMT
location
https://www.file-upload.org/y5lr3w1ctduh
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YcgUZcInAE8gSQfSqxzfsnUhyjY9Wm9gy6mFMT2XPKQQvmpDd6zQJTRwoFzC8FDE7gp31G7mqrIJVek0JAZa8psNayXbv%2BgIpAO9U04EYdQGy2xuMMpdAI295vvIW%2FhJ01p%2BnUF"}],"group":"cf-nel","max_age":604800}
server
cloudflare
app.css
www.file-upload.org/mngez/css/
247 KB
41 KB
Stylesheet
General
Full URL
https://www.file-upload.org/mngez/css/app.css?v=1
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1084415
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
W/"3dcf1-5fe4d56ca6b7a-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VgBm8gDymu9Ek8pJ22rdvJa3Kh80BLMcFtZke9ag1Ab0uWRKBfwvq3xGNT5YA9ipIAmSickMKpM%2BUuVJ2j7EIT4Z62O%2BqjQpE%2F58GwS6x5g9IMRb3zM3RENIRjZoPTWsZiyjdLn1USBeb6Q%2BwS7hiINb"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=2692000
cf-ray
84496cbfbd81bb1d-MXP
expires
Mon, 01 Jan 2024 10:58:21 GMT
app.js
www.file-upload.org/mngez/js/
235 KB
80 KB
Script
General
Full URL
https://www.file-upload.org/mngez/js/app.js?v=20
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3aa0d-5fe4d56c9e2c2-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gjbE%2FgplFnE9eDh5CRT6xB8wgg7EhvnFrm%2FNilJBafgS60S3GtpLRipzG5WA7sX0BE8%2FRwjZz32VHcpsljaZ22trwOfKeKAgNljegcIw%2F%2F%2Fkx0CS2fID9PcOIG%2BZKCgH%2FT375iBGfq6L7oALtBHpg%2BiA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2692000, private
cf-ray
84496cbfbd85bb1d-MXP
alt-svc
h3=":443"; ma=86400
logo_new.png
www.file-upload.org/assets/images/
3 KB
4 KB
Image
General
Full URL
https://www.file-upload.org/assets/images/logo_new.png
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3775845
alt-svc
h3=":443"; ma=86400
content-length
3215
last-modified
Sat, 17 Jun 2023 06:23:28 GMT
server
cloudflare
etag
"c8f-5fe4d56f9b8f9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CyLoK5gE2HIN4GG%2B5njuD%2FnEtOCdvoeRln4hbeFLtNgiVvtWh%2BK%2BVNhsmVZMH0yUrNtG%2FGHxSrxO8znyYvAIWxxhdiJTwU1ka%2BxXO006kJVqKaPL0JkvK9GyAiKkPlfaocF5isqLjO7ny0QXVV%2FiGg%2Fc"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cbfbd88bb1d-MXP
expires
Thu, 07 Dec 2023 07:21:11 GMT
email-decode.min.js
www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://www.file-upload.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 27 Dec 2023 10:36:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"658bfe17-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mtc6Be9eGp1vR%2B2MqUDKHhmcu9iw66equAvucZaWSX9gwpsSepm4JdSpxHAxVZxrkKSTdyvFfL3oUavO%2FoaDbGZIp9XiZPi%2FuOmrO49pZjOGTmCaN2lTR8Yh2gsME01cw%2FKkm4EQQZfzTK1lo%2FF01tkS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
84496cbfbd89bb1d-MXP
expires
Mon, 15 Jan 2024 00:11:56 GMT
anti1.png
www.file-upload.org/mngez/images/
19 KB
19 KB
Image
General
Full URL
https://www.file-upload.org/mngez/images/anti1.png
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3708579
alt-svc
h3=":443"; ma=86400
content-length
19118
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"4aae-5fe4d56c96d92"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NdcvdDEZ6vPtTOOUMmW2n9cpMfLXkLlYO%2FSdxnhP4A%2B2okCnPvLUHdvFzvMAqShfTZZ6zOzti2hPiJwv1dlXRNwGdtj8wT62vukuUlMny6t8Nvgcp7xSb8GIOgjO7eY7QwL0q2AfJPEIiKvQG2rtaPR"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cbfeda4bb1d-MXP
expires
Fri, 08 Dec 2023 02:02:17 GMT
anti2.png
www.file-upload.org/mngez/images/
641 B
981 B
Image
General
Full URL
https://www.file-upload.org/mngez/images/anti2.png
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3869384
alt-svc
h3=":443"; ma=86400
content-length
641
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"281-5fe4d56c988ea"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4%2BKOU7rLmd%2Bnz3NNGegEX0b0mlhDzGqZIYkAx0bzuydLBEsLBf970RgMzF7B7Hxj%2Fm3iAR%2FQklPwU3cnscsrQo%2BQ5QsNR9g70tVrcPcISN6MJuMeRBhPXKYwqULJp4GcfORmIrGsanT0cAuFY4Pj%2F0c"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cbfeda8bb1d-MXP
expires
Wed, 06 Dec 2023 05:22:12 GMT
_dmca_premi_badge_4.png
images.dmca.com/Badges/
4 KB
5 KB
Image
General
Full URL
https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1082 / ASP.NET
Resource Hash

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cdn-edgestorageid
1080
x-powered-by
ASP.NET
cdn-cachedat
10/31/2023 19:00:16
cdn-pullzone
1574055
content-length
4535
last-modified
Thu, 02 Jun 2011 03:26:26 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"0abbdbd420cc1:0"
content-type
image/png
cdn-cache
HIT
cdn-uid
c136c664-112d-4533-8247-f90f6849ab39
cache-control
public, max-age=31536000
cdn-requestid
492b3d97c595b97e767d6c34113648d1
accept-ranges
bytes
cdn-requestcountrycode
CH
link
<https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
norton.png
www.file-upload.org/assets/images/
5 KB
5 KB
Image
General
Full URL
https://www.file-upload.org/assets/images/norton.png
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3794691
alt-svc
h3=":443"; ma=86400
content-length
4963
last-modified
Sat, 17 Jun 2023 06:23:28 GMT
server
cloudflare
etag
"1363-5fe4d56f95368"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cL%2F4KBcYIRIbLvBl%2BaGlfK37HF%2Bo6rNTz%2Ffe2JcSJ8woToGv9A2RIEpZ453zzT2NV8Ybh9G6n2OXvBFbRrifR3FFfkthMYem8FaiW18d23yCRZwy2NbvYPgRKUF3%2BmXO3TH8rZHNmaBaAb5CJLxjMHDr"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc01a3f0de8-MXP
expires
Thu, 07 Dec 2023 02:07:05 GMT
Primary Request file.php
www.babup.com/
23 KB
7 KB
Document
General
Full URL
https://www.babup.com/file.php?get=y5lr3w1ctduh
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.34
Resource Hash
04d6952bf30fc80e0e40eefa6209d241f035e64cc34ae6bcc11257d8bc43d45e

Request headers

Referer
https://www.file-upload.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84496cc0cb26ba9f-MXP
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 13 Jan 2024 00:11:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h4EZo0F2pJWRBdTGztqicuZ0rOZW%2BL86TgCC51YkxJ9KniGtzMsoP77h8GZYmQOI8cS0%2FOtRWuGYZtRUAcIttlqb7Y26KNfwvN1HaFPvCOnTwaj%2FWsVlXP5Q%2BP25C4DKgRsDC%2F2YR5aSkbVp"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent
x-powered-by
PHP/7.2.34
flags.png
www.file-upload.org/mngez/images/
15 KB
15 KB
Image
General
Full URL
https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5508339
alt-svc
h3=":443"; ma=86400
content-length
15022
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"3aae-5fe4d56c9bbb2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1XMlfQnJMaJ9Ktu9QDjJhD9l2tBMf3kB0i1uAx0B7g2dhuz%2F3jo9OOyVYi5ckNt0icEa72v4OfewlEZ2YMbTyJnk2Ap4Uk5Z7YOKsURTTeFmFgc4X0Ga0oYLyQUuHZqn6JLrR04RuDszv0CttVfOBMU"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc07ab40de8-MXP
expires
Fri, 17 Nov 2023 06:06:17 GMT
fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/
75 KB
76 KB
Font
General
Full URL
https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.file-upload.org/mngez/css/app.css?v=1
Origin
https://www.file-upload.org
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1393
etag
"12d68-5fe4d56c8e4d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2G3rzVEi5TjuQRFXPKwc3ACyg%2BClCqxKIwsvmA9oZ5Jc8c9u3mH5%2FHkSA9aOiPCo8NdNhwr34B0CmpRUl8PLakSswKSzJToNn0vFqj5VJ56A1U%2FVixD7uDnnihr7S2SpSOg1pJGUPnYpRUZLd%2FXV%2Bm0"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
84496cc07ab60de8-MXP
alt-svc
h3=":443"; ma=86400
content-length
77160
poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/
8 KB
8 KB
Font
General
Full URL
https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.file-upload.org/mngez/css/app.css?v=1
Origin
https://www.file-upload.org
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2295
etag
"1ee0-5fe4d56c8f861"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNgIogqw4eOyGPWFAjOTbf8e7cJIEsj%2FBEEKr5J3hSkuM5GfeuhQ3R0GtGEBIXRHnf80b6hVZvz9alWfRTQPpO3H9R8%2B%2FTTEm0HWqL8SARLClX1bB3GGJOssD656EnX15gOR%2BQ73iLzWZz1UEE%2B3xw9a"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
84496cc07ab70de8-MXP
alt-svc
h3=":443"; ma=86400
content-length
7904
poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/
8 KB
8 KB
Font
General
Full URL
https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.file-upload.org/mngez/css/app.css?v=1
Origin
https://www.file-upload.org
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:56 GMT
cf-cache-status
HIT
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1654
etag
"1ecc-5fe4d56c90801"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=274kbaRxMDStu2EgYbWjU1jEvyCPYax9RQoqweiXB807yWuctKQdDR%2Bl3hJ1vDmg8B9oNaVnyqy3oW8HI9I9R47H1Ng0ixA4eu%2F6AOBwwmmFc2lYWkHyFhzcRo1BcnhP0Drmx9md8DTF2S6Qg3ft%2BJo3"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
84496cc07ab80de8-MXP
alt-svc
h3=":443"; ma=86400
content-length
7884
app.css
www.file-upload.org/mngez/css/
Redirect Chain
  • https://www.file-upload.com/mngez/css/app.css?v=1
  • https://www.file-upload.org/mngez/css/app.css?v=1
247 KB
41 KB
Stylesheet
General
Full URL
https://www.file-upload.org/mngez/css/app.css?v=1
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H3
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
825253
alt-svc
h3=":443"; ma=86400
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
W/"3dcf1-5fe4d56ca6b7a-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uX7nc76yvhgE73vOpgldu3qIgFAJT4ktLS6kiphUtD7FWpyNPq8aL2QMRpnqful3iF9kFudtqvlWAXlangqMvKCjofWZOLN7c%2BjNP1gaoH%2F1bBQnVAxTeGL0cvlzF6XBdmSc6tlC53nAhoqVwoD96E7u"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=2692000
cf-ray
84496cc1abd60de8-MXP
expires
Thu, 04 Jan 2024 10:57:44 GMT

Redirect headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
478
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyVajsy2uC8rSFTOHfYkIaPaNHSbeoqm7gpWuxleDUp5bAR4etHnBLJngw%2FcNz6eowL3TSX06LRyCbLvvZrfoX1taJo8q0OM2YRlMnplRutqSsOHznqGcTuvpDOOPHDRxCyqA6tP"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://www.file-upload.org/mngez/css/app.css?v=1
cache-control
max-age=31536000
cf-ray
84496cc1781583b2-MXP
alt-svc
h3=":443"; ma=86400
logo_new.png
www.file-upload.org/assets/images/
Redirect Chain
  • https://www.file-upload.com/assets/images/logo_new.png
  • https://www.file-upload.org/assets/images/logo_new.png
3 KB
4 KB
Image
General
Full URL
https://www.file-upload.org/assets/images/logo_new.png
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H3
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3698184
alt-svc
h3=":443"; ma=86400
content-length
3215
last-modified
Sat, 17 Jun 2023 06:23:28 GMT
server
cloudflare
etag
"c8f-5fe4d56f9b8f9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EKzKa%2FosbzWYSTVqev9sbK3n8amLt4%2FVlJZUWOiKT3%2B8BbCLO4MHt09KKDjBUJw805tUWKrw5nFMhRLZ5bMV%2BTF2%2BPV1gjA7IwUf6ZTDsPym8MsqswgmqpSknNb9SIG%2FoirZqsSAQs9LWDeB4P1LguKN"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc1abd80de8-MXP
expires
Fri, 08 Dec 2023 04:55:33 GMT

Redirect headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
478
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0TyGtCOFMHt2BmQZVpGYWpgTyFw67JZVMR623yovCEwEzhkICzVVIS0QUSdH5KVdytpDV9zlKq9HwIHc6VjzEo5R%2FVac1ODAdd5KtIA2bT2eV1dyBhAXFi3rFUEvNaiPBc80cXCb"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://www.file-upload.org/assets/images/logo_new.png
cache-control
max-age=31536000
cf-ray
84496cc1881883b2-MXP
alt-svc
h3=":443"; ma=86400
email-decode.min.js
www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://www.babup.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/file.php?get=y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 27 Dec 2023 10:36:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"658bfe17-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ukUUl4XB%2BC%2BI1j7FJB0gS9zfUu4U0J9GkZU6mvih%2F%2FGmF8ENFgnhzAy10WFPfMDjjqmSPhF3EtI9FF%2BApsxjwQWBwMgvO%2BsHS%2BzD5qgPRCNssW6iZNZbN0oeIP93J5ony0XPC4glyAPBsgWL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
84496cc17b99ba9f-MXP
expires
Mon, 15 Jan 2024 00:11:57 GMT
anti1.png
www.file-upload.org/mngez/images/
Redirect Chain
  • https://www.file-upload.com/mngez/images/anti1.png
  • https://www.file-upload.org/mngez/images/anti1.png
19 KB
19 KB
Image
General
Full URL
https://www.file-upload.org/mngez/images/anti1.png
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H3
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3794692
alt-svc
h3=":443"; ma=86400
content-length
19118
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"4aae-5fe4d56c96d92"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fI5JxPDcjTLSWGBFaTDOjem%2BIOD95CsigSOf27KkbhqGeAHqo0AXJsg8AgHXHCV5%2BZNicgqJ%2Fb1Dt9U0vAzK2X0laDHDEtZlpVuncuxIcmJpLITj2xd2swhUikkKyFwVK7m0VXY6xzZocHMY%2FUxvAJU1"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc1bbe40de8-MXP
expires
Thu, 07 Dec 2023 02:07:05 GMT

Redirect headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
556
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7r0txyXNTqKLba416Ds2C7NPFJWUPhr%2FcEm0KQd4YJkhb5gEDu32U%2FWaLSRKLVTUh21zuYcv70JxiJJe1dRN4W0AG7N5tWUekq2D1n8GWUK4ZdGASNtF5o8nO6vOnQijVcP%2F79uN"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://www.file-upload.org/mngez/images/anti1.png
cache-control
max-age=31536000
cf-ray
84496cc1982583b2-MXP
alt-svc
h3=":443"; ma=86400
anti2.png
www.file-upload.org/mngez/images/
Redirect Chain
  • https://www.file-upload.com/mngez/images/anti2.png
  • https://www.file-upload.org/mngez/images/anti2.png
641 B
1 KB
Image
General
Full URL
https://www.file-upload.org/mngez/images/anti2.png
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H3
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5613069
alt-svc
h3=":443"; ma=86400
content-length
641
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"281-5fe4d56c988ea"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AM7p1Pq6fondbsbLgm1MWaonpeuzQ7FSlcGRoEVWX6U1htaHBMxmAKlyHh5cld5amKVqlpSik1dWu0CzU3Q2tSTvP%2FCKzgIe2tf5UVnfE4%2B7sM7LAZqKNYyBuzjW2qZX8L%2FQPmdZn91qA%2BO2%2FJru7T4E"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc1bbe90de8-MXP
expires
Thu, 16 Nov 2023 01:00:48 GMT

Redirect headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
556
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gtkPIrrtLrXucpAuEZLb2Z4yjAjUBfexm7Exc%2BSUckasoSg18Oj%2Fj8pgC8lVruhQMLh2Z3m073H02xgEZqSSalOs2ymfzJvxb%2B187aD72FPcB9h0U3mkSKTiFX8hTMy%2Fc93zwtKC"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://www.file-upload.org/mngez/images/anti2.png
cache-control
max-age=31536000
cf-ray
84496cc1982883b2-MXP
alt-svc
h3=":443"; ma=86400
_dmca_premi_badge_4.png
images.dmca.com/Badges/
4 KB
5 KB
Image
General
Full URL
https://images.dmca.com/Badges/_dmca_premi_badge_4.png?ID=ff6622a1-89c3-492e-8fab-02994910b766
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1082 / ASP.NET
Resource Hash
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cdn-edgestorageid
1080
x-powered-by
ASP.NET
cdn-cachedat
10/31/2023 19:00:16
cdn-pullzone
1574055
content-length
4535
last-modified
Thu, 02 Jun 2011 03:26:26 GMT
server
BunnyCDN-DE1-1082
cdn-proxyver
1.04
cdn-requestpullcode
200
etag
"0abbdbd420cc1:0"
content-type
image/png
cdn-cache
HIT
cdn-uid
c136c664-112d-4533-8247-f90f6849ab39
cache-control
public, max-age=31536000
cdn-requestid
0726a771b3ca776149640b03d37465a7
accept-ranges
bytes
cdn-requestcountrycode
CH
link
<https://dmca-images.azurewebsites.net/Badges/_dmca_premi_badge_4.png?ID=466fa1aa-ce2e-4b71-b329-6cd08d681302>; rel="canonical"
cdn-status
200
cdn-requestpullsuccess
True
norton.png
www.file-upload.org/assets/images/
Redirect Chain
  • https://www.file-upload.com/assets/images/norton.png
  • https://www.file-upload.org/assets/images/norton.png
5 KB
5 KB
Image
General
Full URL
https://www.file-upload.org/assets/images/norton.png
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H3
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3794692
alt-svc
h3=":443"; ma=86400
content-length
4963
last-modified
Sat, 17 Jun 2023 06:23:28 GMT
server
cloudflare
etag
"1363-5fe4d56f95368"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dxg54T%2BAMBJEJue3JCTE0JX7S1bccN2dMCihFcWfPlk%2BFgYMio2wD6swpUaYt9G5XidZQ9icg8gmaNVdpninCN531klneomcsgKpLb8ufjbAmVvHrOzyFxF4MhLnLF9Hy8G%2B3uK10gENxt0IV8XP15LF"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc1bbe80de8-MXP
expires
Thu, 07 Dec 2023 02:07:05 GMT

Redirect headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
556
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qm7%2BiQo8hS5lUBnz1gNkWmF7oS9kXDWFpNca3InHpH1FeX80BcnNBrjfhr7zB05bNemVX4DGkdbfchp4MqBijQWOkX9MuG4p8fn0TlNg3wzewmFhaSceBuDVc66JEX0StP%2Btwyb3"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://www.file-upload.org/assets/images/norton.png
cache-control
max-age=31536000
cf-ray
84496cc1982a83b2-MXP
alt-svc
h3=":443"; ma=86400
rocket-loader.min.js
www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/file.php?get=y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 27 Dec 2023 10:36:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"658bfe17-302c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tw1%2F59pPCmyhzD3aVAbulHFDnuBJKF4qGvQxEwuq8oEmkJYRgvHOTDloYXl8CyoPmrUSK2aLnw9fCnl7k5OtfPP%2FIFQtpqHqUl1r9BB4msdvaLEsFD447Qrv%2FwB0G5Ty%2FkyxZB8GVFwdGqQO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
84496cc19badba9f-MXP
expires
Mon, 15 Jan 2024 00:11:57 GMT
flags.png
www.file-upload.org/mngez/images/
15 KB
15 KB
Image
General
Full URL
https://www.file-upload.org/mngez/images/flags.png?d4fb57708a39de8290622e0f24106367
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.file-upload.org/mngez/css/app.css?v=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5508340
alt-svc
h3=":443"; ma=86400
content-length
15022
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"3aae-5fe4d56c9bbb2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlUUBu%2BNbFWaf5JT63SBxENxW9EX1f9N37EmIskEml4DTupnUnJCaMyFASGqWC0oc7Uf1oRlDNRnfjFMjoP8xF6gibkPznrRyxrLZPOt2UySuxwpWqAtmpsOBF%2FKzCBvjOp1D5JCGytgxbLevozagG1Z"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc1ec0a0de8-MXP
expires
Fri, 17 Nov 2023 06:06:17 GMT
fontawesome-webfont.woff2
www.file-upload.org/mngez/fonts/vendor/font-awesome/
0
0

poppins-v5-latin-regular.woff2
www.file-upload.org/mngez/fonts/
0
0

poppins-v5-latin-500.woff2
www.file-upload.org/mngez/fonts/
0
0

adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
148 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909
Requested by
Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2677bc8a20cdb42457624e21ac18c1ff50ddf298ddb16b17cd64ce40375ec208
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Origin
https://www.babup.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51523
x-xss-protection
0
server
cafe
etag
17104647443672702137
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:57 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/
82 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Requested by
Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 18:49:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19369
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29671
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jan 2025 18:49:08 GMT
app.js
www.file-upload.org/mngez/js/
Redirect Chain
  • https://www.file-upload.com/mngez/js/app.js?v=20
  • https://www.file-upload.org/mngez/js/app.js?v=20
235 KB
80 KB
Script
General
Full URL
https://www.file-upload.org/mngez/js/app.js?v=20
Requested by
Host: www.babup.com
URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Protocol
H3
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3aa0d-5fe4d56c9e2c2-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vztZZQ%2FjFW4FDBwVDlVqol8FIwhp69r2DF4tlMY6DVJBNmPylr7pv8OnM6f6OS2oMsg%2FY%2BefhRQ%2FPKF1YW%2FdNaYRk6f2sBYyaoigHfwX1A1ymIMuQRca96yoFicgyUPlDKeFfn5eTuBC8%2Foeevbawb%2Fv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2692000, private
cf-ray
84496cc21c2f0de8-MXP
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
462
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MrUoBcWMsEw6T%2BLupEBPXMCxjhDTnahA9pB1Lw8NOxBub%2BTFoKdScQREGm%2F%2BlmAVA9z4YHYcUJcueWi5NvCdEV82CvtCZsQahkEHeR40LKPPQDumQRVpF9M03QJR7QQb%2BiIW%2Bj8P"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://www.file-upload.org/mngez/js/app.js?v=20
cache-control
max-age=31536000
cf-ray
84496cc1ea6ebb26-MXP
alt-svc
h3=":443"; ma=86400
atrk.js
certify-js.alexametrics.com/
0
0

ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 12 Jan 2024 23:49:56 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1321
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17168
expires
Sat, 13 Jan 2024 01:49:56 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
3 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d9aa91c7d072f946c153f671e0bf02e2407d5dd73031c05d830fc61d832484b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 13 Jan 2024 00:11:57 GMT
content-md5
i5AsAxn1nPg9bT4xmXd5zw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1685
reporting-endpoints
x-fb-debug
+Y0xV+TIdpRjnbmOWRMkuG1ZAXnUpHVTsI+WY0z1KsCal7twPJxEiQZgisen8lbVNiv7avAth0D9ePVZWoS+fw==
x-fb-content-md5
758e4be6ed368b4c83168a541255ad5f
cross-origin-opener-policy
same-origin-allow-popups
etag
"60b0999658e5a9a35756749128b8af55"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:17:54 GMT
sdk.js
connect.facebook.net/en_US/
302 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=7c2110b22b4d5e674b39cb584e8979a6
Requested by
Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b18a606524e3cad496d5f53c321f5da717683f389c807b9a33026a8bec965bf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.babup.com/
Origin
https://www.babup.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 13 Jan 2024 00:11:57 GMT
content-md5
IlTC4M44uZagUF/Jlfkw6A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
88317
reporting-endpoints
x-fb-debug
C592aD73ncCs+8nX2WzbezEhoIj5+tcfrHLTnKs+CuWhIg4xYunSHPIIq+vlCgUDGCkoNxUni/w+y9mqCgJv4Q==
x-fb-content-md5
ba6668cfed4be59846820ea6a2692832
cross-origin-opener-policy
same-origin-allow-popups
etag
"8531e668af19d057fb4cc92ca90398d3"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Thu, 02 Jan 2025 20:27:00 GMT
js
www.googletagmanager.com/gtag/
188 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-119779859-1
Requested by
Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
296f2e47e3fe383460cbb78800582519fb9b41cd9f0d4f059f20eee8c27444f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
69384
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:11:57 GMT
blockadblock.js
www.babup.com/
6 KB
2 KB
Script
General
Full URL
https://www.babup.com/blockadblock.js
Requested by
Host: www.babup.com
URL: https://www.babup.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/file.php?get=y5lr3w1ctduh
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6156
cf-polished
origSize=6947
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 22 Aug 2023 10:11:48 GMT
server
cloudflare
etag
W/"1b23-6038039110a59-gzip"
vary
Accept-Encoding,User-Agent
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMdtmv9TojwMF1SYjV0lBwm7FzQn9oA8trCXvOfRWfOXG813ak8g1yM3jfpKTSv4OS6qYUGshmqIlm3Lvq9mfwYgcfjVQ1MFOe1ZR%2BxxkwU6LdRvqQsgLR0dPQsTl76%2BWO2gvdsPG%2BpnXuak"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
84496cc1ec094c3c-MXP
fontawesome-webfont.woff
www.file-upload.org/mngez/fonts/vendor/font-awesome/
96 KB
96 KB
Font
General
Full URL
https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

Request headers

Referer
https://www.file-upload.org/mngez/css/app.css?v=1
Origin
https://www.babup.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1154117
alt-svc
h3=":443"; ma=86400
content-length
98024
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"17ee8-5fe4d56c8f479"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=19ToPvKsO6KasgcWkIOYd%2Fd8pWQBLWoEs%2FrAl1Dz9tAscskJVegBoAdirGGp%2Br9V396Dlob6iMRHUrTXouxMViLLYAlLMV3OcwEBxdUNqsFBvb0BtTxGIIxfak11gFAIcxkdVNSdfKMYM9A9zWnGuS9q"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc2495bbadb-MXP
poppins-v5-latin-500.woff
www.file-upload.org/mngez/fonts/
10 KB
11 KB
Font
General
Full URL
https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff?0261e08bd22d9f91c1d277cd4874ec95
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983

Request headers

Referer
https://www.file-upload.org/mngez/css/app.css?v=1
Origin
https://www.babup.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1154117
alt-svc
h3=":443"; ma=86400
content-length
10420
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"28b4-5fe4d56c94299"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hmPCU5AFnUwKrry3QG0pYHQ6Rm1CzPfU6x9gNGjXVcdY4rmK6m%2FQCbeNbIhsnexb3yZn%2BmMuk%2FvqNQaQVwRFAXZiUxeUU%2FCg5k0LKwoarribSEuAU7Qv%2F9fRWI3CZSOfQoFe87GDa%2FHZ9kjxefzzWLNm"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc26972badb-MXP
poppins-v5-latin-regular.woff
www.file-upload.org/mngez/fonts/
10 KB
11 KB
Font
General
Full URL
https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff?1fce830e6112511a77108832e13172fd
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/mngez/css/app.css?v=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c

Request headers

Referer
https://www.file-upload.org/mngez/css/app.css?v=1
Origin
https://www.babup.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1154117
alt-svc
h3=":443"; ma=86400
content-length
10400
last-modified
Sat, 17 Jun 2023 06:23:25 GMT
server
cloudflare
etag
"28a0-5fe4d56c936e1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COhZ2Ibjj96htB%2BIun1gxmg8Lqjl9MZKmpNYMl8U%2B6ul1rncH%2FfFlkvroYpVR4rBqaaanZzpozD%2BmGICG%2FCV9BWMN4CPinpjVtEDs1TaAtlpEKVS%2B373pN1CtQdCsatxUsdAgoC7hh3VRGVsTBXYeKTZ"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
84496cc26976badb-MXP
sdk.js
connect.facebook.net/en_US/
297 KB
86 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=69ebc5c5cafbfc0bc57ebc89c7c5fb1d
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5c1e0b3e95f709cc25116fe5aa41699cdc9b4bdebb11b6accf0f45cb4ffe8d97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.babup.com/
Origin
https://www.babup.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 13 Jan 2024 00:11:57 GMT
content-md5
YwcGthn+aBzeUozoIWvAzA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
86932
reporting-endpoints
x-fb-debug
5N7COK/z0AoczeFA1IfVSRFewqFxoBaa3YUKE7qnzjgnxs5xcSfoX0pQ9NMqGrk+yIe92nQY7jvqP0CVmkN9Ug==
x-fb-content-md5
3e2b3af79b3f6363fa5786a40cff6f80
cross-origin-opener-policy
same-origin-allow-popups
etag
"154888608f45b2f1c90f2229dea5e2f6"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 11 Jan 2025 21:15:09 GMT
js
www.googletagmanager.com/gtag/
226 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c4240e9eaf9511fe3874d212d27668839cc1884f4efc8cf0578ea0db46818f09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81619
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 13 Jan 2024 00:11:57 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-119779859-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 12 Jan 2024 23:48:15 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1422
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 13 Jan 2024 01:48:15 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/
402 KB
136 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cdde1eb85d0f957179effd0b0fabd0881c22937c6121f6836d4c7dd9bde5b387
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
139347
x-xss-protection
0
server
cafe
etag
956782252792195223
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:57 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/ Frame B034
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9176521898341909
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
12705
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4173
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 20:40:12 GMT
etag
9219409622527106327
expires
Fri, 26 Jan 2024 20:40:12 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
region1.google-analytics.com/g/
0
253 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-3T7TKCZCC9&gtm=45je41a0v9114416819&_p=1705104717242&gcd=11l1l1l1l1&dma=0&cid=941796147.1705104717&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1705104717&sct=1&seg=0&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=459
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3T7TKCZCC9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.babup.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
205 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1170873792&t=pageview&_s=1&dl=https%3A%2F%2Fwww.babup.com%2F&dr=https%3A%2F%2Fwww.file-upload.org%2F&ul=en-us&de=UTF-8&dt=File-Upload%20%E2%80%93%20forex-article.store%20%E2%80%93%20FileUpload&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1822016104&gjid=685335043&cid=941796147.1705104717&tid=UA-119779859-1&_gid=488112055.1705104717&_r=1&gtm=457e41a0&gcd=11l1l1l1l1&dma=0&jsscut=1&z=1142216426
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.babup.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:57 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.babup.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame AFCF
334 KB
71 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&adk=1812271804&adf=3025194257&lmt=1705104717&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fwww.babup.com%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717283&bpp=3&bdt=250&idt=235&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2296480671586&frm=20&pv=2&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=246
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d870b31f1b4af3079c998bcef8b2feb69f047a9d4fa07ff66bdf9c41c9c2843
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
72975
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:58 GMT
expires
Sat, 13 Jan 2024 00:11:58 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240109&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d29d828d6325febec52e865f833ae018e0afc94423905809e912b5cfaeb18c45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12320
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame A2F3
116 KB
40 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d9d8d2c881b15100dd8a4d262668ab446299e16a9ea7389df8531b08918e36ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
40544
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:57 GMT
expires
Sat, 13 Jan 2024 00:11:57 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 2E63
120 KB
43 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
322ca6f9fc6489a405b26f6ef7cdf5f186d7d7ae2f61ab11c4a9cfac6a4ee99a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
43409
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:58 GMT
expires
Sat, 13 Jan 2024 00:11:58 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame AF1E
714 B
577 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2926863663&adk=2239653313&adf=4063321098&pi=t.ma~as.2926863663&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717288&bpp=1&bdt=255&idt=251&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280%2C555x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=1082&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=253
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c520672fec578bed5c66dcfb55e14af63d784c9e5d0ada4b620c55eb78e1d078
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
356
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:57 GMT
expires
Sat, 13 Jan 2024 00:11:57 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 13 Jan 2024 00:11:57 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 440B
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
19321
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 18:49:56 GMT
expires
Sat, 11 Jan 2025 18:49:56 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame EB59
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
04c70fde91b4453fc57ee4fb59c8a87b463b1144c2adf67dbb08e75f2ef18dbc
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-MNpL2DPc-LXaN2FUEPO4Cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-MNpL2DPc-LXaN2FUEPO4Cg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:57 GMT
expires
Sat, 13 Jan 2024 00:11:57 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
pagead2.googlesyndication.com/bg/ Frame 440B
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 16:01:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
29424
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15229
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jan 2025 16:01:33 GMT
generate_204
tpc.googlesyndication.com/ Frame 440B
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?_bGqcQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:57 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ Frame EB59
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240109&jk=697208698234851&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

css
fonts.googleapis.com/ Frame A2F3
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 12 Jan 2024 23:32:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 13 Jan 2024 00:11:58 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame A2F3
2 KB
822 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 15:06:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
32723
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 15:06:35 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/10310281770509215954/ Frame A2F3
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/10310281770509215954/14763004658117789537?w=600&h=314&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8cb1bf69c8d0861eb95cea1e1aff519fea760e6eb6a0661967ecd25990779ba8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Sat, 11 Jan 2025 23:00:36 GMT
date
Fri, 12 Jan 2024 23:00:36 GMT
x-content-type-options
nosniff
age
4282
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6347
x-xss-protection
0
last-modified
Fri, 05 Jan 2024 14:59:06 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
14763004658117789537
tpc.googlesyndication.com/simgad/2908694489600748560/ Frame A2F3
1 KB
1 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/2908694489600748560/14763004658117789537?w=100&h=100&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c5b5707f4e3f81bb05208e8635cc6de2d41e73e0f6c08533c80e5d64d62d90a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 10:50:36 GMT
date
Tue, 09 Jan 2024 10:50:36 GMT
x-content-type-options
nosniff
age
307282
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1237
x-xss-protection
0
last-modified
Fri, 05 Jan 2024 14:59:06 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/ Frame A2F3
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:50:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
12113
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9276
x-xss-protection
0
server
cafe
etag
3558958386372919956
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 20:50:05 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame A2F3
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 11:12:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
46782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 11:12:16 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame A2F3
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:07:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
54254
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 09:07:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame A2F3
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66227
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1704891455226136"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
4cee352c918c506f58256258d534a665.js
www.gstatic.com/mysidia/ Frame A2F3
37 KB
16 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:48:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
314616
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Tue, 02 Jan 2024 22:18:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 08 Apr 2024 08:48:22 GMT
truncated
/ Frame A2F3
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be7ac28defdb1d48a8e776eeea4af15d2ce36d84560e7df90e5814c299babbd1

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A2F3
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 09:10:14 GMT
x-content-type-options
nosniff
age
313304
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jan 2025 09:10:14 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame A2F3
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Jan 2024 17:28:03 GMT
x-content-type-options
nosniff
age
369835
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 07 Jan 2025 17:28:03 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame A2F3
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C3qJvTdWhZZeQJqSsi9YPj-6pwA7fi6OpdYrli9PDEpSzkeGKQhABIIK6uHxg9QWgAaWh-9oqyAEJqQIRJ-Q3hmGyPqgDAcgDywSqBMIBT9BI30A4toWBtW8BPuv43CpmIWj8ivqBzMa59IZ...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x98ae83fd8f2fff0000000000000000%22,%222%22:%220xe380dd21f76f6fe0000000000000000%22,%223%22:%220xb529bd9a4...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x98ae83fd8f2fff0000000000000000%22,%222%22:%220xe380dd21f76f6fe0000000000000000%22,%223%22:%220xb529bd9a4942bf010000000000000000%22,%224%22:%220x9efbaffe65e814b20000000000000000%22,%225%22:%220xe22252b7ddcd37f80000000000000000%22},%22debug_key%22:%228431152338533916319%22,%22debug_reporting%22:true,%22destination%22:%22https://myamazingweb.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211465052325%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212312182097066176801%22}&andc=true
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"1":"0x98ae83fd8f2fff0000000000000000","2":"0xe380dd21f76f6fe0000000000000000","3":"0xb529bd9a4942bf010000000000000000","4":"0x9efbaffe65e814b20000000000000000","5":"0xe22252b7ddcd37f80000000000000000"},"debug_key":"8431152338533916319","debug_reporting":true,"destination":"https://myamazingweb.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11465052325"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"12312182097066176801"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 13 Jan 2024 00:11:58 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x98ae83fd8f2fff0000000000000000","2":"0xe380dd21f76f6fe0000000000000000","3":"0xb529bd9a4942bf010000000000000000","4":"0x9efbaffe65e814b20000000000000000","5":"0xe22252b7ddcd37f80000000000000000"},"debug_key":"8431152338533916319","debug_reporting":true,"destination":"https://myamazingweb.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11465052325"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"12312182097066176801"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
pagead2.googlesyndication.com/bg/ Frame 232B
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2300165494&adf=3874372513&pi=t.ma~as.2998985278&w=1110&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=1110x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717286&bpp=1&bdt=253&idt=247&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=249
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
56e70c2fea595cdb15f418a8f79227fd5cb5838e2ee6e56fd44abc63e2cfa239
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:45:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
314815
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19703
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jan 2025 08:45:03 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x98ae83fd8f2fff0000000000000000%22,%222%22:%220xe380dd21f76f6fe0000000000000000%22,%223%22:%220xb529bd9a4942bf010000000000000000%22,%224%22:%220x9efbaffe65e814b20000000000000000%22,%225%22:%220xe22252b7ddcd37f80000000000000000%22},%22debug_key%22:%228431152338533916319%22,%22debug_reporting%22:true,%22destination%22:%22https://myamazingweb.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211465052325%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212312182097066176801%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 13 Jan 2024 00:11:58 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240109&jk=697208698234851&bg=!QUKlQg3NAAaumcC-jpk7ADQBe5WfOA-6VTqTywQVmK3lvFzq2ML9BZp3Xm0RxLIGYODNoCVo5jEHXPnzgXo0ww6hpWD_AgAAAEVSAAAAAmgBB5kCw0g28q4Zom9IBAtwCb8A1ev92jyP5x1OUNvzPHizODey-tzu1CY1_rLjdwv6HTZs9Hqa6AY9iVAfZfvlfNDVvOE901e1SS-WeRYjw1LxAQJxjL2DLQmiLVzomjOMv7s_rn-x6xiF8hvxSVyuE45fQqc5Dox9qhlC2uo37lFxxQv8KsGAm6lkQwqDsi8L-Y3U6OP_FHtLJuzYiSx2nlzuzWad0APTVj5EhEhjtrIb8eBp-9m-BxiXQJvXZnN2jg_drMqQNOp1QDGnHSiNeN97vBCD7PuPW04_3-8QOb5OA-OUwPSZe_xCLXpDi_KE7lPSfS1JULvO-ZV08DSd-Dw2nVOdnmIkNSZ8Ug8Om8XO20IKe8Fl_S8RkiDIzNnUwl2TgPPDstzBFG6tQjcXDdAatg6Yp9saXEWdtd5HaHeX2GrCZPgffQ1-4hSNhYTxJwLVHOX3eer2N5r1fMGpPZ_S4HOXfIOuLz-K17HowLdDOOjuUkKyrTbwmOvP3g2kTnAi6Ei-HPhn0DYnscIk9hz5W1qZtOWBYlhMUx7sCMTzvbKFLHT8cAjXslJ_7JwFLdNjUaNU7iuMW9bn-EXtOiX4o-RNmyNHkJ98IIJXwmTPVR5nuSLJyjCufe75kpWeZS8-mE_kzvMAn6uaq4mQlABrojxUqaXz6VqxPTJO24xzHKkA18FSWi9Z0Tf6PLrLVqp129Abjnc2bVZeD9ynndh7z1ME70Bh9eRjJ9C6bQ1_AckOzYgSepdx_Xz4_hsGUCSd24fDI8QPHmoLYM4Q4GPOciSu2rrDy3yWlO56tt66NEsvsebpMt65chaBi_Bm-_3EvhPr2Gzw0wj7SizjGqoNb9a1IHXxsASD-szz-G-sGApQ5H02A3Q6WRS8RgAmKJSggwXYXzKl_fIsBDXoxTFuWwXibNn8Zw64stmWtrMi4VNM6r3h
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

css
fonts.googleapis.com/ Frame 2E63
6 KB
779 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 12 Jan 2024 23:49:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 13 Jan 2024 00:11:58 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 2E63
2 KB
822 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 15:06:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
32723
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 15:06:35 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/11296532034667602388/ Frame 2E63
33 KB
33 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/11296532034667602388/14763004658117789537?w=200&h=200&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca9265c7ee5578502950dd0d767760dc147704382289365ebe0129e5900b534a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Sat, 11 Jan 2025 14:18:14 GMT
date
Fri, 12 Jan 2024 14:18:14 GMT
x-content-type-options
nosniff
age
35624
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33305
x-xss-protection
0
last-modified
Sat, 25 Jun 2022 15:48:13 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
14763004658117789537
tpc.googlesyndication.com/simgad/17499683656291636012/ Frame 2E63
19 KB
19 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/17499683656291636012/14763004658117789537?w=400&h=209&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0f12dedf8110d0fd89d298da2d96d380ef93334aa6d523ea562875420638061
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Wed, 08 Jan 2025 09:30:54 GMT
date
Tue, 09 Jan 2024 09:30:54 GMT
x-content-type-options
nosniff
age
312064
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19316
x-xss-protection
0
last-modified
Tue, 28 Jun 2022 18:43:56 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
truncated
/ Frame 2E63
221 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/ Frame 2E63
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:50:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
12113
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9276
x-xss-protection
0
server
cafe
etag
3558958386372919956
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 20:50:05 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 2E63
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 11:12:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
46782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 11:12:16 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 2E63
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:07:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
54254
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 09:07:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 2E63
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66227
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1704891455226136"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
4cee352c918c506f58256258d534a665.js
www.gstatic.com/mysidia/ Frame 2E63
37 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:48:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
314616
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Tue, 02 Jan 2024 22:18:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 08 Apr 2024 08:48:22 GMT
truncated
/ Frame 2E63
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
15cb89ff6f876057e2c3a3d4e77f4daf6fc86e2a2f4e4bf4712778b85bdbfa36

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/
162 KB
55 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8a3c1f201930e9a99b9a8dbce31d136c5ce51118fdee34057900d3dc67d2943f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56402
x-xss-protection
0
server
cafe
etag
477691342596805563
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
ca-pub-9176521898341909
fundingchoicesmessages.google.com/i/
183 KB
61 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-9176521898341909?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bdebc766bf640756940aa6ffa8c4f617eee54314fb32eea993565888708308db
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-hlW3Lyw7DhvfmL0B6vZMmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-hlW3Lyw7DhvfmL0B6vZMmA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2E63
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:10:29 GMT
x-content-type-options
nosniff
age
54089
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jan 2025 09:10:29 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2E63
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 00:08:38 GMT
x-content-type-options
nosniff
age
345800
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jan 2025 00:08:38 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 2E63
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CICVXTdWhZf2lJq7ptOUP4_K8kATe-puKdbT35_nsDpCSyePCARABIIK6uHxg9QWgAc_h-9IDyAEJqQIuMb0Ryq2zPqgDAcgDywSqBMoBT9BmbmvpC6yrAl4c6gatcpdAinDbMW-LaMKTsBu...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x35af551849e9af8c0000000000000000%22,%222%22:%220x4c18aa1cec8a15a30000000000000000%22,%223%22:%220x97bc8d...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x35af551849e9af8c0000000000000000%22,%222%22:%220x4c18aa1cec8a15a30000000000000000%22,%223%22:%220x97bc8d1c4fd599850000000000000000%22,%224%22:%220x512489c30c7139450000000000000000%22,%225%22:%220xb5b9e8e5239047bb0000000000000000%22},%22debug_key%22:%225155900311005187620%22,%22debug_reporting%22:true,%22destination%22:%22https://acs.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22979300559%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223611148077843451921%22}&andc=true
Protocol
H3
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"1":"0x35af551849e9af8c0000000000000000","2":"0x4c18aa1cec8a15a30000000000000000","3":"0x97bc8d1c4fd599850000000000000000","4":"0x512489c30c7139450000000000000000","5":"0xb5b9e8e5239047bb0000000000000000"},"debug_key":"5155900311005187620","debug_reporting":true,"destination":"https://acs.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["979300559"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"3611148077843451921"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 13 Jan 2024 00:11:58 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x35af551849e9af8c0000000000000000","2":"0x4c18aa1cec8a15a30000000000000000","3":"0x97bc8d1c4fd599850000000000000000","4":"0x512489c30c7139450000000000000000","5":"0xb5b9e8e5239047bb0000000000000000"},"debug_key":"5155900311005187620","debug_reporting":true,"destination":"https://acs.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["979300559"],"22":["true"],"4":["01-13"],"6":["true"]},"priority":"500","source_event_id":"3611148077843451921"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
pagead2.googlesyndication.com/bg/ Frame 1866
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9176521898341909&output=html&h=280&slotname=2998985278&adk=2869380213&adf=2180648201&pi=t.ma~as.2998985278&w=555&fwrn=4&fwrnh=100&lmt=1705104717&rafmt=1&format=555x280&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104717287&bpp=1&bdt=254&idt=250&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1110x280&nras=1&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=762&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=251
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
56e70c2fea595cdb15f418a8f79227fd5cb5838e2ee6e56fd44abc63e2cfa239
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:45:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
314815
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19703
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jan 2025 08:45:03 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x35af551849e9af8c0000000000000000%22,%222%22:%220x4c18aa1cec8a15a30000000000000000%22,%223%22:%220x97bc8d1c4fd599850000000000000000%22,%224%22:%220x512489c30c7139450000000000000000%22,%225%22:%220xb5b9e8e5239047bb0000000000000000%22},%22debug_key%22:%225155900311005187620%22,%22debug_reporting%22:true,%22destination%22:%22https://acs.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22979300559%22],%2222%22:[%22true%22],%224%22:[%2201-13%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223611148077843451921%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 13 Jan 2024 00:11:58 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 7150
59 KB
21 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d3d30a814a111a4ec66d06dfb59b13e82c202b61c47c0e6cf577a36ef3223f5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
21277
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:59 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 6B5C
436 B
234 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2743202993&adf=54630664&pi=t.aa~a.357680634~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1200x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280%2C1110x90&nras=3&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2895&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=6&uci=a!6&btvi=2&fsb=1&dtd=50
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4c697348fa3cefd75c8fc7722ff365ff1c7d72a2c16f2a6cb27025f23253038e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
213
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:59 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 7F8A
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
8624
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4173
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 21:48:14 GMT
etag
9219409622527106327
expires
Fri, 26 Jan 2024 21:48:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 01AD
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
8624
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4173
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 21:48:14 GMT
etag
9219409622527106327
expires
Fri, 26 Jan 2024 21:48:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 9A5C
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
8624
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4173
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 21:48:14 GMT
etag
9219409622527106327
expires
Fri, 26 Jan 2024 21:48:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/ Frame 9F20
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401080101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
8624
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4173
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 21:48:14 GMT
etag
9219409622527106327
expires
Fri, 26 Jan 2024 21:48:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
AGSKWxXraZdS2BgxfKX9crlb4mtwYd6bJgpAUrFUhbUEBnazWofHk0Q3-xQKdMM58YIuOf7y2SbKF7aEgpZMyYsMBk-QqxfmwimQ_P36lkNUAY8BQTQYTrsjMZ4pbgUM2fwBKkN_2OvSlw==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXraZdS2BgxfKX9crlb4mtwYd6bJgpAUrFUhbUEBnazWofHk0Q3-xQKdMM58YIuOf7y2SbKF7aEgpZMyYsMBk-QqxfmwimQ_P36lkNUAY8BQTQYTrsjMZ4pbgUM2fwBKkN_2OvSlw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1MTA0NzE4LDc0ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsIjE1bUxwenJ3THJBIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7e6c70175423e0468a845c7b024ae9431f79ec21b8a7098d0ea0a02cae461a9f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ERYwH0lT18NRaSONk6tUVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-security-policy
script-src 'report-sample' 'nonce-ERYwH0lT18NRaSONk6tUVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
css2
fonts.googleapis.com/ Frame 7F8A
4 KB
671 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 12 Jan 2024 23:33:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 13 Jan 2024 00:11:58 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7F8A
205 B
229 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 13:30:37 GMT
x-content-type-options
nosniff
age
38481
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 11 Jan 2025 13:30:37 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7F8A
604 B
628 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 14:30:21 GMT
x-content-type-options
nosniff
age
34897
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
604
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 11 Jan 2025 14:30:21 GMT
fullscreen_api_adapter_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/ Frame 7F8A
16 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 08:47:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
55440
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6823
x-xss-protection
0
server
cafe
etag
11129212757755515379
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 08:47:58 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/ Frame 7F8A
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:31:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
13231
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9422
x-xss-protection
0
server
cafe
etag
10624764489894593518
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 20:31:27 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame E0C0
478 B
198 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNV76QvdYdzjoIwJgiIM33ghCzxRtFgjXushfd3U2GbLa6Lj0J87uJ07wR_NL7NU3ZsZc3wJqIb4HghpV4J5OjVRWMmYAQ
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:58 GMT
expires
Sat, 13 Jan 2024 00:11:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame FFA8
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame FFA8
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 11:12:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
46782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 11:12:16 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame FFA8
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:07:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
54254
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 09:07:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame FFA8
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66227
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1704891455226136"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame FFA8
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D85ICCDOlfxNz5OutpwidYXG_b5Vn_Gd_GpOxzFuWzxnNyzKTWOL3TrjQxc7tS-o6bCJw_HF9NhGhmnAqG3HLMok6MMzP_awOpxCgp0d1BquA_gu0
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame FFF0
611 B
266 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNUEC0KEsuaTRUFKGbXv61Z42JyQUewcOAlgDZdaLJYd_2_x7zwUuKxmsIu3G2swTqserBm5GVZ24TLYds8BOG8memweXQ
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
243
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:58 GMT
expires
Sat, 13 Jan 2024 00:11:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 9383
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 9383
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 11:12:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
46782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 11:12:16 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 9383
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:07:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
54254
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 09:07:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 9383
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66227
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1704891455226136"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9383
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-De63VlWrBoVMIe5oClqT6fnYuU44HdLBYx1EHOTiODGIKORWMcrR5onwvHepk01oZs9eZ7UlHy84vEqf4HkqASwnlnfNTYijNxH5gLRxmKE7VtcEA
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame E014
611 B
263 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYsYqKggIwAQ&v=APEucNUbCHF0ZKiTaVqNPDTu-YPEdtdhajMsZsym24oJTCqNutIVTS-2zoOoJNI8usizyx4V4gJjNq0LrbvqBI5vN-PJJ4Up5Q
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
243
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 61B7
89 KB
31 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 61B7
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 11:12:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
46782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 11:12:16 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 61B7
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:07:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
54254
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 09:07:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 61B7
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66227
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1704891455226136"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 61B7
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DvOnMugwgViJfczvKkU4Pm6l6F8btQf85JfYlf7T2JQPqJ15xha_0Vd7tZsiJmBSGsiIrKwY9a1QcPlbZonxhox7yHcniBVnnrzKtTRP2AcFzZJRU
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E0C0
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNV76QvdYdzjoIwJgiIM33ghCzxRtFgjXushfd3U2GbLa6Lj0J87uJ07wR_NL7NU3ZsZc3wJqIb4HghpV4J5OjVRWMmYAQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame E0C0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
43 B
341 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNV76QvdYdzjoIwJgiIM33ghCzxRtFgjXushfd3U2GbLa6Lj0J87uJ07wR_NL7NU3ZsZc3wJqIb4HghpV4J5OjVRWMmYAQ
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XWc4z5CFaoeMCXe%2FLZFfFg1Z3OakFJp%2B5AieMCMeex%2FT53PnsKDJYm6ajY2wafvtAK2sQ7mfBSYHpIt%2BuOgz%2FtknX3Z07TggiDgiYGoC1FmNdYnI7VhvKAk7P19l9zHpS%2B1vtDp%2B0ISmJA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
84496ccd7beb24c6-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame E0C0
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZaHVTh7I1N-PS6MZyDTt3QAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
43 B
771 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNV76QvdYdzjoIwJgiIM33ghCzxRtFgjXushfd3U2GbLa6Lj0J87uJ07wR_NL7NU3ZsZc3wJqIb4HghpV4J5OjVRWMmYAQ
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HV7tzvgXX%2BqtEh6zN33lI108xF8CcMPF9a%2BM33%2FGhIvaY0LmseTmEY1OBwWJbPYIC%2BJMyZqizEFk7DiG7Ez0pnkdTPTl0Bx14BHWa4TMSbjgGQq8FReggBbGCs8EO0nTZvYUsMsGi8lDfA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
84496ccded3b01e3-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFRGSoYVK6U2XuUcCxW3XIw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame FFF0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
43 B
1009 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNUEC0KEsuaTRUFKGbXv61Z42JyQUewcOAlgDZdaLJYd_2_x7zwUuKxmsIu3G2swTqserBm5GVZ24TLYds8BOG8memweXQ
Protocol
H2
Server
37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
an-x-request-uuid
316d66e5-1aab-419a-a52e-d8ceb7f27b53
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
176.10.106.23; 176.10.106.23; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FFF0
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNUEC0KEsuaTRUFKGbXv61Z42JyQUewcOAlgDZdaLJYd_2_x7zwUuKxmsIu3G2swTqserBm5GVZ24TLYds8BOG8memweXQ
Protocol
H2
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
an-x-request-uuid
6d9b4950-c69c-42bc-9c93-6b58ef70f26a
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
x-proxy-origin
176.10.106.23; 176.10.106.23; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame FFF0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
43 B
163 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNUEC0KEsuaTRUFKGbXv61Z42JyQUewcOAlgDZdaLJYd_2_x7zwUuKxmsIu3G2swTqserBm5GVZ24TLYds8BOG8memweXQ
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FFF0
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDAxYjY2YmYtYTRiYi0yZGM0LWM5MTAtODVhZTE5OTIyNTQz
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDAxYjY2YmYtYTRiYi0yZGM0LWM5MTAtODVhZTE5OTIyNTQz
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIY76WLggIwAQ&v=APEucNUEC0KEsuaTRUFKGbXv61Z42JyQUewcOAlgDZdaLJYd_2_x7zwUuKxmsIu3G2swTqserBm5GVZ24TLYds8BOG8memweXQ
Protocol
H2
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NDAxYjY2YmYtYTRiYi0yZGM0LWM5MTAtODVhZTE5OTIyNTQz
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
AGSKWxXK5CEBwEvG2YEIejQH_Qd7zDfRWl2NejAsMWSb8asUrhbSw1LqiuB91r844GEVUWr6NrsaqcpKBIbr-kVzsPvCJOMX0BNEKy73jsPLfNbZsAq9AazTHTmMRoNkuhpFt4BusI-5FA==
fundingchoicesmessages.google.com/f/
10 KB
5 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXK5CEBwEvG2YEIejQH_Qd7zDfRWl2NejAsMWSb8asUrhbSw1LqiuB91r844GEVUWr6NrsaqcpKBIbr-kVzsPvCJOMX0BNEKy73jsPLfNbZsAq9AazTHTmMRoNkuhpFt4BusI-5FA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1MTA0NzE4LDg1NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmJhYnVwLmNvbS8iLG51bGwsW1s4LCIxNW1McHpyd0xyQSJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a177d3c38d44e2e0c10335aa3452465c4d8caca539d9cefa074b7e5da8462964
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-2c8GIJMP7qtnrM73Ig1YHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-2c8GIJMP7qtnrM73Ig1YHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ Frame 9900
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 12 Jan 2024 23:42:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 13 Jan 2024 00:11:58 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 9900
2 KB
822 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 15:06:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
32723
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 15:06:35 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/ Frame 9900
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:50:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
12113
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9276
x-xss-protection
0
server
cafe
etag
3558958386372919956
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 20:50:05 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 440B
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
2017
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 23:38:21 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 9900
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 11:12:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
46782
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 11:12:16 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame 9900
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:07:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
54254
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 09:07:44 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 9900
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66227
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1704891455226136"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:11:58 GMT
4cee352c918c506f58256258d534a665.js
www.gstatic.com/mysidia/ Frame 9900
37 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:48:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
314616
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15452
x-xss-protection
0
last-modified
Tue, 02 Jan 2024 22:18:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 08 Apr 2024 08:48:22 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame FFA8
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2392405010549&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame FFA8
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2392405010549&version=m202309260101&ct=77&x=1&cor=1806302508290720000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame FFA8
20 KB
13 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DM90z9JDolRtudeue4C_wL4AIwfsITT0V7Ykvkwrh1RkjkcGXYnhckjsF6KfI3usRO5lcroeT4VBdj66qChZ4vT4V9LSiWzTpgduVc2W-OPDBxpyJQ7JwNkVdc61kZsRUMd4sTM7cj3C6W7-B0WDPccyJfTESP811vpSXTBSRF4z8lqgI&cry=1&dbm_d=AKAmf-D2EBjAAYIFwWDAT2Th9oiAmWipnBYPDHNnp_06i2Mt5imi4hty8KyOgMrVGzgIJ4GWbBXNPqL8Fs5LOu425OVxAnSXg0_u92pSI-37mu2gdvyu9Mv1p1jaOQoOfpQ0_x9HyKroAn59eGtbXQWX09XpHwRNL6nhqkl2xl2WWw0aVbey--9GjZNMD83kzmr62EGqYuK5xLaGndgpSVwYHlMSll7oMoWE3l70Y29LZo_seWX16YsinTfTcE8tlaoSU5TfV1vqp1I0D4N-yJa1ldUEShqZnJ_CH4sH84Bg3NybTc8YRPuIDjsFrcFTQ0ODuq0hHiaiU2oIQZZ6kWS7hM0hEtSYNMG7yiTC4Ga_BMPRdZdrIeGSQeLiWLmhHugj6KfLUl54IQJtd0dhojclIQr4W4US21Pkw-eIW7BxXNo1tmGutI4mQJgtU4E9kvKeIdZJHhqvW5mZNqpxaLrLbIvarQ02XdqOujDZwvyQ97KUIBOYQU2nvezW-LpYkfKcv1eyOxeyEugnpOblCzuvL_NUUEFt7GTmt6PzNx1H0dqnNKCm19ypNoft27Dn7Lb_H8atZHC1XAKcse2kQ5M8Z7Fdt7QVHcE1XjDrPFkzMs2kBSnfZhaDKMtJeIovIf-Us84OMG_wZR7sQjkZ5YrbuYDvxB1muzzYnAyhenfJp00rnOKoD3tCmJKZL2Fdj7am772IneevxMU-6ma966v1aoJJ3ghGFOsmzgv-Itz8fsW4UA1tA_eb0SFbfdbdrmyWWVJY4aQy4-UcZ6YQTCBzwoncSW-alhzY4uIiMp26ZQ_nPbOqzlZL4geGDEhbgF-htlJrzQvnZUEgR8RMi1Ju152gHxtQ8hEMnpLgVWxy5gCVP25y2sLFzkKXfzYtzq_aZrxYEawxMs03PKwSy9zEpLgf_zmZSYLVBPqfzgIyPBWL2iNoEfDJn162meVu1iuLRlW3wyHk_ky58bYYUxHISPzMS1LFKmH6YBLdInp7oiPB86et2bndwJy2ktKeI2QlB4ZxCMXzB_eAk77A683sNAhY-6SgHS-D9dNy-sZMpZXpVbBVTgilq1H08g7Dm_jkqyOqDaSay_MRlkHx_f2GG98QS7qeaQ8WDNXWACXXSuDCNqyIXSdXFmWsHnRO95KXI48VuWu-mDLT4ez8DsEBJbn3mtNkjzflvi4UXatntDpWVA-tey9hGje-fWzj3i-JhFvf9ExHg9WMdvzGv1Bbl-1Qddh0RUGCu01eNYRCuCIUUMNIPepOdw1ojKahbLrlKtiuzpnCntW-ir1Rl9sNhr7-sUG8ooYuyKxIF9x9jVRhvg-yUwHr2q_xKGn9mTc-mIcwR43A-Ti32Jk6dgKPUzwj2-p_7mlwLp6-rc1NaqbLQLu2D8Xknj3ePmz_lbQXe9Bq3-C6_RuXmxaxlCe_1HTnKcn-9-lOscFSOOmGzzitbctUbPK9uCR48Yy0FSD2VK7ntKmlm6AXuln-nwYNkhG_BnpEEcV3K9vdS0FY-4oAYrVL4E-VVxr2Q3kqVUJO5g9-xe6KP4r_t2JXtWUBNHA8VHAmDMCmzVWelwnjycu5pfdXGCVCb6YDUxf5PmIJbLTtg6q53pq16AJPPL_21hQ5Xe8qm1Rl2OXr28e4ag7N-WedWP8EGqgcmOT9oJYMkzU92Yrc9fV373S1hQDL5HI4tXs3XyZqDlfJpPL3gUycE-8cMBz8tQDykQXwwNspxoNbFBkwX4TFKVBwQS-W_NupgAC9F49-IzXtXCSrKXMZsqRB5wtbcIssvF9ta0YZiy1djroEVmEwzhY1wIQu1mQlvki6mIcLqy-tyiVfnCcUAnH8jvkbgwnDl6HM-qzBBeB0lGgnF0l0JaMKVZ2FCZveB8CqoVLwdo44VdxW1Gdte5DurJlvlfKS3SYnGUNzd072SPEkVj4ApNJPn5i5CCngNAY58yn4BTwum_-NFFJZiWKinQ0ws_d17-ayveUKOOovBbWlRoYSWDJbyXR2MweqjpD4BCAekJWMuG1cZEMpG6rVk8qpoFYowRmIS7pS0ROgUagKKkufBb_XklhsTROEA-j7Yrfi8rAQ08lJsAHhUhWngN91dFhXEmbhXqRBB1_PZU6vKHsD8-TKkp8cl1PSWWBwXEyaYMeTO8aqW808wHvK16-O3VhKZIPxaXVsc1VCeDEqsar-3hCIFw6tVr6O8hrH-0OQrAUFyv75QrsH3rkOlUa3wsjT-doPZLJbfj3_F-AKb8vHUlRviWuceOkdtQoos4_rHa2OR7E9vVPzkI5RQ-YxksyiKx1r691QDo4N-pKLPXPr7DaLoEgVJE_-LU8_wy-1LVpLzeQHhu8O4BFbJpDERN26XAVqrUO1kmFb_0EUUYDEQXQBUZ5iGJ4hM3nCfg7BTX-LIDkNq8V7mzRdwOvp8-5aNYC6kgho87PadTqopYoHS0xwJ2jUzhgqWjnaSl-AC4QRRrHjQ5iqFoHK2j1wpoOU-40O4Fr793oU4Yi0-B3nLNoyvoa2dnnsOw1pIhmb7grkAwfyKll_cYA4EH_VIvpG7fVxHGGfxVeu57LPyL3sUCZoK8D-MW4Wd9xwxjlIYkwThXBqYG-bXOB4JqXVTJqsoFaShm-3TNcY4ZpQt7RdJkkUu-D9TTL5OEHx30SxoGwNLsaWjjCZZxns8XKhe7H3IOmOAslf7mAnQHRE5ML3mzE9xEDAVxTiTBQ7odjqfti9A4uGsmjtIVb1YUx9cU7iq4h7V7vrkFooRJFhl2BU0CRR22XYzQNGyQvfuXsEjygy3_EK9DVO0M-WW3Dm1MrdJZ-_dL4NZRZDIR1DeGa5ayIcJcAMM8aNk79bRaOmP5QxXEHiHYl9NH-vx_R0oysj1rnpMxrET2eFDDP06sfPlTTKHDVgumZ7EV6vp9M-PgADL4uxtIY_Ozi11q8McA2ftdpALga0Ad3T8GMzr8XJWPdoMDYiMCUDa9bcFlPcSf4ITPNhyPlMOnhI_wxOMPo00-7RcwDVeevCmentoNYyREfkpIPj3QUIk7AJX1EkVKF6rdom-3fiIuczfnx5_Nim-JJCxyUDjKuVSSDZfqi6POcVLIUENKIVul3UPHAeLXGiLkVOZph1iAiNW87tM_XxnCn-yXFkqhgixnI8lqdcWzItgJahfkqHaMMyCHTRfpde45u-zjWfTr0tDWzdNRmEEZiYS0m6AfNasVWnFDO2WeIld1MR14FVReH3znTfjhPpo86hULf8bbU-zQcPzRbpirqAPKW49CRUELphKVprvRHDvjcepTLJaxsBUsEO65EOfHlO9R0SJkIXERkVKI8Xrzuzq38FsdqSJCQ-OuRrDq_HUfzNQBaWW6_KV4q3oEBTgDzItpGozqoA1ihOmlOeXXOVJS9JKWp_wMjm_gGG2qBh9DgLLJSZW0ZN86_1_zjyoID9ty2bf8CHjyx4nX1BZzfxBLtx2YXvz6s38FNex0kEhxSLLjOvww9MeIap1wGxw9IjDx7nZm8j4bQqG_d8_oqUm25K7d3ESFg2VaW4XtK2Lq4vf8gx-Nl_Db0WTmbcjMGHsS7vhtaNvSznWPEC7O7PySsqIbZpoM3L&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=1806302508290720000&adk=1935140219&idt=109&cac=0&dtd=8
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9652381ecc9c1e3c8fafe20b1108aaa941955e8d0a881022dfb95c1701cfac81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13572
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame E014
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
43 B
1010 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYsYqKggIwAQ&v=APEucNUbCHF0ZKiTaVqNPDTu-YPEdtdhajMsZsym24oJTCqNutIVTS-2zoOoJNI8usizyx4V4gJjNq0LrbvqBI5vN-PJJ4Up5Q
Protocol
H2
Server
37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
an-x-request-uuid
b53bb19e-23d5-4f3d-b283-f171f40ccf13
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
cache-control
no-store, no-cache, private
x-proxy-origin
176.10.106.23; 176.10.106.23; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESELyJcqAq8jUDAPIlTaen3hM&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E014
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYsYqKggIwAQ&v=APEucNUbCHF0ZKiTaVqNPDTu-YPEdtdhajMsZsym24oJTCqNutIVTS-2zoOoJNI8usizyx4V4gJjNq0LrbvqBI5vN-PJJ4Up5Q
Protocol
H2
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
an-x-request-uuid
fd34d04d-98a9-41c7-b835-e5945f91d8ff
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzQ3MDY2MDE4MjExNDY0NDEwNg%3D%3D
x-proxy-origin
176.10.106.23; 176.10.106.23; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame E014
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
43 B
97 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYsYqKggIwAQ&v=APEucNUbCHF0ZKiTaVqNPDTu-YPEdtdhajMsZsym24oJTCqNutIVTS-2zoOoJNI8usizyx4V4gJjNq0LrbvqBI5vN-PJJ4Up5Q
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKAvdZsKDVFoT7eHPcuNWRg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E014
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWQ0ZmU1ZWEtOTdjMS0yNTI0LWQ2ZWQtMWE3YWJkN2IzOGI4
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWQ0ZmU1ZWEtOTdjMS0yNTI0LWQ2ZWQtMWE3YWJkN2IzOGI4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQpvPq4AIYsYqKggIwAQ&v=APEucNUbCHF0ZKiTaVqNPDTu-YPEdtdhajMsZsym24oJTCqNutIVTS-2zoOoJNI8usizyx4V4gJjNq0LrbvqBI5vN-PJJ4Up5Q
Protocol
H2
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWQ0ZmU1ZWEtOTdjMS0yNTI0LWQ2ZWQtMWE3YWJkN2IzOGI4
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 440B
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:58 GMT
expires
Sat, 13 Jan 2024 00:11:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:11:58 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9383
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3760297210361&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9383
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3760297210361&version=m202309260101&ct=77&x=1&cor=4923925234655077000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 9383
20 KB
13 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4s917bMB8gOmWpni2cxorx07Exzuu5VgWQyKFizcMXiyGGv1jklvo0bMRdO6FPOKiPK7rCRLZ3TW3EYcIbRiiyPGjUzoXMJ1LQ6f8h4KOiIJOwso46U-ScBzmc2AKUtkaZLH4ejcxVpGxTYKKBEASRH47lKXBQil2namBDler_GQ_E-k&cry=1&dbm_d=AKAmf-AM0DF0lx80_f7aCnKtPOb13s9Nk-r6unjEHVk1N_DsEQvS3dnaggEnBRZDQ9VKiJ6nnfNozp1uI52zv2XNLHtxYyAnsMf_Vpn4_tinIacf6Qdg2ADIe4osr434am2JrX9Qsm_Q6BEuWIdfZNXUKSTr3AG_r_-Tv6B1ojD0zbkiPLCHf2q-G9UGlwMaIff02qhewWFPPfdZKCkxSXyMZjV-5PEq15pw7CUqMGc50xI747D8KhWImr0nrIWeoU-wdMHBnrXKPxZZPURsk8IpxLQFCokMgfPz_NqZyTS3Z_kvcWBGhB2nbHt9eBSu-RU_jjgPglP-9DfM7u-_Lj7Ss_UvRy0ZhLsYd9fiLByHV8knrWXWqZHZxBOeuUmKjqojaXm7NeXKEG1jnf4dsavGCcqfL5Six9UIuPDMqRuaOSBMiUbB-dfftFggxXzPDSul36oOkSA-hmVQZEg5VIBJEhdNaJwkg6gklPa6-P0MF2JyUAO92jmqMd-s6GLDJk0mZ8FeZxMXXDqBV2DKDfeycqj3XfaesguEdtCW17tvVIN5O3krNmHry094QgREjvKEnASRDlTiD9atzsdwck_h0-NmYlFTU_EFZP6YQ9BBB7ixw2aOMVjUcCp8xe-0cuqGHo-XXwvJXt0_wHARa0YUvu_soNXLGuhc4zUK4ujjyHtlIA49ZW4pWMtRhsISlGfRFG88XQEU_qNDV2DLizhRdSONe3iIey8QX5_9SZtW9Nv_HcvEO8xztGpehVkST8gF5E0ZBoPyZ4WR9AxoWS22yJ7DzEx9RiHFNtH_M_8Kpd64H3KJsCwI1CLXU53RrrEv8_GLmeopHQoNyuCWVo9gIY_qq00v4cYwLxe8tQem_G0AlDt16f81LoYNDYCzAp3dMvLLfi5CiWrtGvynr0wVo_BWPU01r5ymxxNCI-Epx3mazDp4HaFyD7KUlYiEFb7G1FQOYOsjNTAOzExx8YA5sllDCnZ72OVHT6TVMIeJdasIt0nvusALEeCuPcHj6XXOpYQh_MeYPoyJVJzApO9Z9kQIIjoWegjIsrSQrmH_yPv37vCC3v1S4h5opluVezunorumwc0Q-zm1Ul39ei9jTVKAK2jPs4p_YTtG_oD8vZdhdj-Ple4MWTrUrTSkOw3mE2xz948WBoELconPUkIgozD6jZ3b9QLGmSo2X5l1VZOQVhTDy67zGYnUcLFNgzpzbn6WFLtFLy7aO9832Qhsa6UM7IczHvTFaqLJGw2chlJOfJ3fmy3Q7veY-VfHy91ki5oJAMJoDE3sw_FfB4IFYosPmFscC4ljOVx0tZwNw4Jlu3rsWBXl5YSyEGg1xhW34yySmsqbZKe7OApQj078hGzLPEpxo1hG2uFrYHdiAh-cHKGbN8TY4tYot5CBga9cxUuC4r9gs336GUg3BI4hRlJbjirqE__zzWMtpAZhjqWlSQNngWu4rdvCkkTX7JV8SSlj0F3s7YttBJmcEPNcAe2-JKDBT26bnL1XmdsWUqHa9RShJ8RYnBts4WJz8tmNxcBo2v_DRs2A67x1mJD5SWPJbljWtggYZmE12gsNGX53HSFs6LY-CwTn7reIyAIIfbOz8mCfy18R2Jca2nG3IKOFutNtInejGW9pcd_Lus72LuzKmI-wIcAZPGaIBlBiI8h7k5SRxd7dSeoDW4uMFuWX4qdcE2O_DgkTvn7yW4zffd2KZGB-Dx-zV1tJesfujCrc29zdOBkQz32T7c3V4Kt236mysbYIAtlXbMTyvaWZOn4AjffzvbMoeFGYnvX7U_J0E_3Qa7KianOabzj702oAgdmr0kzXFQJvPy3f0xCkeLW7b3FlcZcm40u2ZOfUOzvdUiNoFG_UZp-bqNODWQJ99opMdhC-20YfLA9QGaCtzdbkO2LVhBz0w-PupG2jgt4OTldHN_Pycsr51RIAOZsaKSVtdhdTZwO7Yskspm3UsZ3pIdfPiiCtH-ukkVhngkgzvMpLnfHRlfwnFrXicTAx-BpbG3K4zCfvrIrxisabg-Y_o75R_IWySn7PR4BBdFYzLlz_dcT9-FNS-l1VViU5mEZWojPEUfYcHwLSUNJVdu_h3JW_fX6aHDS_J9nk0WUEqwrabDf1QfhZIutoimxKSGTh6ULaVXjpLUir0iCzfkNkMxgxGXJn9Mykxam92n3iKlNb9Rk-rNI-L-23OXQIxVB6Sh2dMc34ALalOWb_r0NE_dIqpykyO0s9cHFnqLRhN4w8RNAdh-yQcHRe1Eu5uyIrUMpTl9VZzE9mqwnZnfE2MfWLXKuFjS4-Ld2xzvlbd_CiDe79IAVNIR3R8Ixw3i6UZjifIRaVqqYMA2_a-D656gkpoTQVcQWiDspC40lMsTHJdxiN6TYqDjPZMmlnslzqjwRZ-vj821jGnu9hAzfJU5TsW_P60AUX2GZI4lxTZmeEb4MViE47KLwNm4_yyXlDqJa1nqgz6kVcjPmPl-bsSs8cK2MXn9_PlJsAPXzYngLLlaEnJ5vJ4UH9T8TX0fhsdFKRZFmhKt2_F2DasVC6-E-gITtmmVwmREK9NLFTieKiG8MWLRffNcLLLyCWiGwrTFR-vfyhHn2k1Z3yN9Q37jwUoCWpSF_N0FcWH6AkfGoqdxAALBdDkibEPn5HtFQC3_JhA-7KIFLoZ4Q0Ea8lgB9oYVL01_zcQBGHgouzlzXetEXWlCjyeYPWOU6gLzc2ztgq25UnFnN-WirGO-U9C3g3zkJeH8az2zcYvSHbOHWH4hAjkEkWp5cE8KgmoujqHF5-_a94Ef84mzl-ii14XJZArSoGWthtBolokvGQjSGe_PKVXJlR7LprATxp7uBeKsM8jO-cHiaTO6Nla3zjCKTV2dl_CXAoQGRAdHPuL0qsleYsPa6010XO8qcrAqbaItVmbH5zsCVJfm_iwOovxurZQ30UNF2GOsUEyi_u79K0Z8lgcMZYsT0PZSU9UXoo4JpdNLs5id-B35qBMLnghgPdIRulC8RgtxRgrkBmgD1tRS18JwNK79qSLuFykNriLZFjCFynGRBNgMamjBEmsQHknATSRJbZitHbvQ4rmwYRpSVkdp8GwkV8aCGkaxGApG2vd6NsIjLoQutbC2LuFjPutuxGwQjdHPMThTEXu4I6RbD3A_hmgXJRYR49qpPBXq9luFG3zB_S0TJ5rP5P19y4qNU8DfNACM9rtll39opLxzlboBH0nn0h7xhZtpVrQd0yGYJy22TmF0Qy0kMdCPmerWhqkBBiwmLcJfFzXcHbBKh-oPpDxjzj9qNJaXh90WyEivd98ROOkk_LRpXeKqIo7z9AJUp6ZGsbeWzpvwBXgn_gKVup5OvNvAAlapscKhBu8YkWaBiHcvElJs1IOroDO7GSE9oZ32zjgmfJsSjT_Iq1j7SKhwNm4k43G7Z2nlwDhRNBQ_rZiNCYijVp6LYW61g-kHJtIAFyoLUpQOnpCsFjbgE4aNi4fUwUEWojRj2HzW352uUhQHChB4KlbRio_v8ZIJ6Y81RhG6p7TZ3QJfiIyMCNm4lKO2fms4S92aP7pXbOSQq2Hkoiq7zA2mHcyNorRryS7EzqdbC1iWId&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=4923925234655077000&adk=1405019968&idt=165&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0fa8edf9987e047736206fba362ee73c6718688746923601eeeca60efe9e57ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13787
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 61B7
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1241491285501&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 61B7
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1241491285501&version=m202309260101&ct=77&x=1&cor=1927283169535446500
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:58 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 61B7
20 KB
14 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ale9h8mqeOqYaXjpKb9ggn9Pn_Z52ApjSE5kaex_tGIJ4N_8m4zhxaet9jp7wB8qzwuTgSnm5MIiGIVG2bEEtz-guDRLTBg7gBS1j3Mq6ZA0BeEaq5eCLRuGlfebc77PvsccnPh54oR1rdg4Rrw8ChMrvYrBXpTVEly0eda8botoTHG_U&cry=1&dbm_d=AKAmf-DjmA85XTS7sb9zSRayxkVpG_bstIYxhipy1_yFHqujT8h_2Z_tNl7pQjsih2XWs8HW9_7dR3U4nkCwbv28L3JOTP5FOlXAtJvxSC9cvlcvPig77JSYwyKMQZ_HojxSmyC8s4po4YvlVLyVlGN60eF_CjRbLkq4r5PqqkAOdI9XxAOnWnjaqKJfTuw_jTK4ILemZSf3UQFsGrbNdcgvzSB-Ti8kEMZolNNv6M2JKaxT5drwNQFMfQ_U9Cy18q0eT23pZqQg13bmPZfbBDQ4Kk01MnaLafp3sSo67TTBXpSJ72flL2QcnQKTxyk6tRn-0JZ27u49K5azAsksPp88p5pYdfaJTAIXw2uIVon-wJlgxu6X7W3kdyOUKO12HN9h3z_9W-_LGy9eZ692eZvuVwjCzjUGVqpUplKM0wEckgI_luBZ19oSI9MHHRwog8e_Lgf2EWMj5SO3sZpAIWBpT6gKctMANnDaglNrP5nC1WqT4887uTZZ5M6C1HHODrlwUf_Di43xJ3x_HW2xL0uq6c69YbTVkMBE8o8tgc2frBVqNqyh0gmchlsiRkRCEVvI8nwjUjIRaYfrddW9YAQUEBi1G3h6SQhoT7pu35jwSfkLqfgu1WamW0_4st-JDfkOFWDbylyLUaijdSixWH4XEV5ZfYG281K6Wy3lMRVcPnorAa9Ay8kXpP7yxqjODzT3tC0AVkaIjXzQi_Os99dDLcG76r_stViMWQ6bqTTUWx-zKsUJDNSjpC8EwsHZ4fdFYKmAchYkCKTJTzjQwSIjMlmAjiJybxQ_ICptqYYVU3E0vPt5QrRY4SDZ8x3svbOzh3znDgFR0Ax7ipGx_SuDzN0uZl6FtMWJt0pbJchJYWyj3OodEnfbKnkF4gMHHx07blotmjbeS3GCgtWwgbQWqHfUPbBPGao4dgQgbQYPRCGaP5qH5BHlSM1XkWb8vKD00ugBixmI5GNPFV-Xspcudu4-mZBeOf9gUWK7uMUTS1s6JTSzSWtgvvjud99DfcRa2w3dDOpoT0wiYXg-mKLpaPbiGhsv4UmUkV0rQdwtXXLpM59TSZJLQkV6M125dLOEpnmCfEkqffvKTq83T1JBUCFexcJ76Kvklk7oWzhOeZr4VLUjdTepmaE10oszljyft9v0JAMo1wDT7trP3Xgjc4ByvjJevrGTKZnu2km4cnn4q7urQVQHOaCOdN8exOKyyNnriAx5lbysTqieD5vqsmkkEs2ZNLm3lfGSmHQORuLw3Lp77VHqgRKw4z6gkjCPjK94bx2j15EQ2E8joyovm9AexQD_lMKge7sfmtDhBf1P1U4WVM92sbzsq7FxsFWeEKaMfCsgkt7iOpIA01Conzr3SAHf-X35WC3P_VVl2lK3hF76gE3LDCslc0E4O_uPUa79v7aQOJ73QRrdtr5yW3AcVjtXk18XDz_yhwBpMniT1gGTglYdndGYJvi_85Y1ZeSgqAsrrxVZdNGPTFiZJrganxO0bR6x6Zu8wftS20ukbhgNJ5EFMX_1sIhxR-de2zYfjuJi5vvx5H5PJgUYSrKs_urVskoXfjWFDNj8T68yonaPdEcxAdTuVz7fWtBj_e64CUU9TLGbq8jYte94Z4RZ0bzUH_4VU6RKGat0e4aSoGvI8GIHkQh-Ei4rADMC7jjV-QVCDGJWaFxrs-VwGg2s1fpcsC9TIuFwS23oiCBO_fIL4M0AEUZ_Oh8l8Qo0WFBeyvykAQsfvMnxMiVYbygsND6SqKuxuh_X_o2NBIh3nnBIwyDOj1Rr47923zQJOWF9OncwACR3UHC9ze-S_9MooSH0_CQtapHTBNnraMA5HT3idO8jfbMA8PfRiw6Fg4yPI3nSlF4w8NpB-gN13h79rS5tayztJOdoNPG4yHieug1uDFRkFTuOdARdG6c7dj-Ehr1yiaRJ92So3GVEWvI3kTHifnGCDaG_7Ue3oZYzyJeNJTOzoqka7i0wUlIH_U36gQ7mHIbcVz3vmARy_lzkADNUrWML1Q3yihN1S3DZSqTd3aNOzKpiXy01i_ZcwBnV56soHAzdwRR9mMNb0o0j4X2zkcPfsxyURnlaJ5VTHOyayfpPO6bifzEOiMhdCo3IZYdfVqDeoZt6zGWEzvxoHlZZa5oY4aqYE4IusVqc8YrJzFoh852JqL6maFAALDzDsFLra-xGnp1dyLhSW9RG-INL7fLvsKFVK9XaSSIRZRGBN6mw54iVRMpA8aZ5KBFGGaos1gMTACeiRnUZbtPtzj2ag86FSMEWUZAc0D0hKFAFZrOReiuLPNprxznDLoEEd8qd3zZP635EZBn02UFhHi1G4PIHNucHiCPAyyIHy549fvk06ZYybOinLgYfps9SqrVvXeouQVhDPa_-V0z4zCRgI0FKHGSz02VbHQS13sFcK5g8gTBIVBx3XClltQKTR1IEb3U0trWIqscz8OvlDoYD2HIaPYqgelk6St8CyiU6IyxK4OZj5d-QbUQZiuU_TJ67AxU9vYiZHlc0bNJBrbOyv48b9xBf8xLzwezJMu9MvHs3sKC8D3uG3xv5QMmPCgs4RXqzH4mC3YIYzcYpz0Ktcoxpt782fsN5u5VD1__QcMtyZ_xt2HuJOnkL3jnjsCaP0DcvBlreifvMOuPGgBgAyWctJboUrzZxy5OrED6dQVMPUcbsQnulyTKzHBBozDFM6F0h48uc53KSqqozINyjg4G5VnHUQic29oO92MTDUyNv66T9DpXLK78XXpY8a1cwmUGoz3WpKvuQdl2nRa-HA9k5Qsqd0VL6jd8K_HSyrOF9V2KMUl-CDWGSczOnsMvR6Xlr3F4BwG5dzEqH8is25k1EYqpsanUd-ipJA7Oc8Rl9T76sytT_a_xMjdjPp6YkJofNGi4vuBC2kXUQ0lZLpXnJBrNMkoD870h0LX3OcWk4CmTWhOvs_PEJFkUyQg4SYmRZp1AEXVriQKjaWPvuSPsBQTo_JmSz6f1T3g8j-HZhMfDQaFnMOTHiTmm86y1mP6ZSx22jfzoLAsX1iNwv404QG7zjhCxbxouOVonSiZceB1TI3X6l9Cuu0aQsifBfpyiqR8zZXD7t-_ZXhqQ6iVPvJEe416JwxXx1eY0WezzVBfG07I8EpaVnXl7rl7n1Bcq2APKxHXH1Iz3KHP7IJeJjBRSdfRu7p-WJnb3gIM-FmaY-Eff8WGDOZqaMQNjyf1X9_1musYYdN56A2WnZmIgSxUPmojYjCcAUo6wj4JxyaLr_BalyUYq7nS1ed6GuymZy2rxTWQ5HGaqbHXFaczvf5SYLrBGDvZT9OG9f9YKj8YmAud3D82a8C4k0vKaVPPNZ7QmGXazzVpWws3YtMycMMaCe55KhmbwpK4_jdHDSZ7o17txkuT37pgrFjuQAWJ3i-YY4ZPHtyw5xfgdpI2cP6SRxbPRX1uHZO1gBI2vOu0q5ONgfyqwaCbaTdK3jthQo2OZWGtKsfF4wNHTlAnAIJqgr4X6b_DS6DIPxkiOd_owLy_7HcQ0ULdXDS9RYQaslbhxqHObYZYI5kTLyjyRFgHcz2Ul9dEMmJwzFIVZv5iRgF4w2RzBI_ILcJQN4&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=1927283169535446500&adk=2215386028&idt=124&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f9ef535fe2bf06462d7590670ccfe1bf36a28bf0cb90d01ed2463276bea6e64a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14148
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame FFA8
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DM90z9JDolRtudeue4C_wL4AIwfsITT0V7Ykvkwrh1RkjkcGXYnhckjsF6KfI3usRO5lcroeT4VBdj66qChZ4vT4V9LSiWzTpgduVc2W-OPDBxpyJQ7JwNkVdc61kZsRUMd4sTM7cj3C6W7-B0WDPccyJfTESP811vpSXTBSRF4z8lqgI&cry=1&dbm_d=AKAmf-D2EBjAAYIFwWDAT2Th9oiAmWipnBYPDHNnp_06i2Mt5imi4hty8KyOgMrVGzgIJ4GWbBXNPqL8Fs5LOu425OVxAnSXg0_u92pSI-37mu2gdvyu9Mv1p1jaOQoOfpQ0_x9HyKroAn59eGtbXQWX09XpHwRNL6nhqkl2xl2WWw0aVbey--9GjZNMD83kzmr62EGqYuK5xLaGndgpSVwYHlMSll7oMoWE3l70Y29LZo_seWX16YsinTfTcE8tlaoSU5TfV1vqp1I0D4N-yJa1ldUEShqZnJ_CH4sH84Bg3NybTc8YRPuIDjsFrcFTQ0ODuq0hHiaiU2oIQZZ6kWS7hM0hEtSYNMG7yiTC4Ga_BMPRdZdrIeGSQeLiWLmhHugj6KfLUl54IQJtd0dhojclIQr4W4US21Pkw-eIW7BxXNo1tmGutI4mQJgtU4E9kvKeIdZJHhqvW5mZNqpxaLrLbIvarQ02XdqOujDZwvyQ97KUIBOYQU2nvezW-LpYkfKcv1eyOxeyEugnpOblCzuvL_NUUEFt7GTmt6PzNx1H0dqnNKCm19ypNoft27Dn7Lb_H8atZHC1XAKcse2kQ5M8Z7Fdt7QVHcE1XjDrPFkzMs2kBSnfZhaDKMtJeIovIf-Us84OMG_wZR7sQjkZ5YrbuYDvxB1muzzYnAyhenfJp00rnOKoD3tCmJKZL2Fdj7am772IneevxMU-6ma966v1aoJJ3ghGFOsmzgv-Itz8fsW4UA1tA_eb0SFbfdbdrmyWWVJY4aQy4-UcZ6YQTCBzwoncSW-alhzY4uIiMp26ZQ_nPbOqzlZL4geGDEhbgF-htlJrzQvnZUEgR8RMi1Ju152gHxtQ8hEMnpLgVWxy5gCVP25y2sLFzkKXfzYtzq_aZrxYEawxMs03PKwSy9zEpLgf_zmZSYLVBPqfzgIyPBWL2iNoEfDJn162meVu1iuLRlW3wyHk_ky58bYYUxHISPzMS1LFKmH6YBLdInp7oiPB86et2bndwJy2ktKeI2QlB4ZxCMXzB_eAk77A683sNAhY-6SgHS-D9dNy-sZMpZXpVbBVTgilq1H08g7Dm_jkqyOqDaSay_MRlkHx_f2GG98QS7qeaQ8WDNXWACXXSuDCNqyIXSdXFmWsHnRO95KXI48VuWu-mDLT4ez8DsEBJbn3mtNkjzflvi4UXatntDpWVA-tey9hGje-fWzj3i-JhFvf9ExHg9WMdvzGv1Bbl-1Qddh0RUGCu01eNYRCuCIUUMNIPepOdw1ojKahbLrlKtiuzpnCntW-ir1Rl9sNhr7-sUG8ooYuyKxIF9x9jVRhvg-yUwHr2q_xKGn9mTc-mIcwR43A-Ti32Jk6dgKPUzwj2-p_7mlwLp6-rc1NaqbLQLu2D8Xknj3ePmz_lbQXe9Bq3-C6_RuXmxaxlCe_1HTnKcn-9-lOscFSOOmGzzitbctUbPK9uCR48Yy0FSD2VK7ntKmlm6AXuln-nwYNkhG_BnpEEcV3K9vdS0FY-4oAYrVL4E-VVxr2Q3kqVUJO5g9-xe6KP4r_t2JXtWUBNHA8VHAmDMCmzVWelwnjycu5pfdXGCVCb6YDUxf5PmIJbLTtg6q53pq16AJPPL_21hQ5Xe8qm1Rl2OXr28e4ag7N-WedWP8EGqgcmOT9oJYMkzU92Yrc9fV373S1hQDL5HI4tXs3XyZqDlfJpPL3gUycE-8cMBz8tQDykQXwwNspxoNbFBkwX4TFKVBwQS-W_NupgAC9F49-IzXtXCSrKXMZsqRB5wtbcIssvF9ta0YZiy1djroEVmEwzhY1wIQu1mQlvki6mIcLqy-tyiVfnCcUAnH8jvkbgwnDl6HM-qzBBeB0lGgnF0l0JaMKVZ2FCZveB8CqoVLwdo44VdxW1Gdte5DurJlvlfKS3SYnGUNzd072SPEkVj4ApNJPn5i5CCngNAY58yn4BTwum_-NFFJZiWKinQ0ws_d17-ayveUKOOovBbWlRoYSWDJbyXR2MweqjpD4BCAekJWMuG1cZEMpG6rVk8qpoFYowRmIS7pS0ROgUagKKkufBb_XklhsTROEA-j7Yrfi8rAQ08lJsAHhUhWngN91dFhXEmbhXqRBB1_PZU6vKHsD8-TKkp8cl1PSWWBwXEyaYMeTO8aqW808wHvK16-O3VhKZIPxaXVsc1VCeDEqsar-3hCIFw6tVr6O8hrH-0OQrAUFyv75QrsH3rkOlUa3wsjT-doPZLJbfj3_F-AKb8vHUlRviWuceOkdtQoos4_rHa2OR7E9vVPzkI5RQ-YxksyiKx1r691QDo4N-pKLPXPr7DaLoEgVJE_-LU8_wy-1LVpLzeQHhu8O4BFbJpDERN26XAVqrUO1kmFb_0EUUYDEQXQBUZ5iGJ4hM3nCfg7BTX-LIDkNq8V7mzRdwOvp8-5aNYC6kgho87PadTqopYoHS0xwJ2jUzhgqWjnaSl-AC4QRRrHjQ5iqFoHK2j1wpoOU-40O4Fr793oU4Yi0-B3nLNoyvoa2dnnsOw1pIhmb7grkAwfyKll_cYA4EH_VIvpG7fVxHGGfxVeu57LPyL3sUCZoK8D-MW4Wd9xwxjlIYkwThXBqYG-bXOB4JqXVTJqsoFaShm-3TNcY4ZpQt7RdJkkUu-D9TTL5OEHx30SxoGwNLsaWjjCZZxns8XKhe7H3IOmOAslf7mAnQHRE5ML3mzE9xEDAVxTiTBQ7odjqfti9A4uGsmjtIVb1YUx9cU7iq4h7V7vrkFooRJFhl2BU0CRR22XYzQNGyQvfuXsEjygy3_EK9DVO0M-WW3Dm1MrdJZ-_dL4NZRZDIR1DeGa5ayIcJcAMM8aNk79bRaOmP5QxXEHiHYl9NH-vx_R0oysj1rnpMxrET2eFDDP06sfPlTTKHDVgumZ7EV6vp9M-PgADL4uxtIY_Ozi11q8McA2ftdpALga0Ad3T8GMzr8XJWPdoMDYiMCUDa9bcFlPcSf4ITPNhyPlMOnhI_wxOMPo00-7RcwDVeevCmentoNYyREfkpIPj3QUIk7AJX1EkVKF6rdom-3fiIuczfnx5_Nim-JJCxyUDjKuVSSDZfqi6POcVLIUENKIVul3UPHAeLXGiLkVOZph1iAiNW87tM_XxnCn-yXFkqhgixnI8lqdcWzItgJahfkqHaMMyCHTRfpde45u-zjWfTr0tDWzdNRmEEZiYS0m6AfNasVWnFDO2WeIld1MR14FVReH3znTfjhPpo86hULf8bbU-zQcPzRbpirqAPKW49CRUELphKVprvRHDvjcepTLJaxsBUsEO65EOfHlO9R0SJkIXERkVKI8Xrzuzq38FsdqSJCQ-OuRrDq_HUfzNQBaWW6_KV4q3oEBTgDzItpGozqoA1ihOmlOeXXOVJS9JKWp_wMjm_gGG2qBh9DgLLJSZW0ZN86_1_zjyoID9ty2bf8CHjyx4nX1BZzfxBLtx2YXvz6s38FNex0kEhxSLLjOvww9MeIap1wGxw9IjDx7nZm8j4bQqG_d8_oqUm25K7d3ESFg2VaW4XtK2Lq4vf8gx-Nl_Db0WTmbcjMGHsS7vhtaNvSznWPEC7O7PySsqIbZpoM3L&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=1806302508290720000&adk=1935140219&idt=109&cac=0&dtd=8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:07:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
14650
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jan 2025 20:07:48 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTEwNDcxODkzMTEzNwogIHNlcnZlcl9pcDogMTQ2NTI2Mzk4CiAgcHJvY2Vzc19pZDogMzMyMTkxOTE2OAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5MjEyMjUy...
ad.doubleclick.net/ddm/activity/ Frame FFA8
0
498 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTEwNDcxODkzMTEzNwogIHNlcnZlcl9pcDogMTQ2NTI2Mzk4CiAgcHJvY2Vzc19pZDogMzMyMTkxOTE2OAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5MjEyMjUyCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9hZG9iZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTA2MzYzMTYwMTU5NzI0MTU4MjkKZGVidWdfa2V5OiA4NjY3MDQwODI3NTMyMTg3NjQ5CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0wMS0xMyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDkyMTIyNTIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzODQ1OTIzMTEKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDczOTk0ODk2NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNTE3MzM3MzgxMQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDU0MTI1MDI4NwogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZG9iZS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9mbGFzaHRhbGtpbmcuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZGVidWdjb252ZXJzaW9uZG9tYWluMS5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3NTQ5NzQ3MjAK
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f102.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xa47c5e3c91e95d330000000000000000","13":"0xb4fa6a7e929849d0000000000000000","14":"0xc15090456612b3e30000000000000000","15":"0x99954e10cb13141d0000000000000000"},"debug_key":"8667040827532187649","debug_reporting":true,"destination":"https://adobe.com","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["9212252"]},"priority":"0","source_event_id":"10636316015972415829"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
servedby.flashtalking.com/imp/1/225040;7936335;201;js;DV360;DV360FY20AcrobatCTXCustomIntentCompetitiveCHDSKBAN160x600/ Frame FFA8
2 KB
1 KB
Script
General
Full URL
https://servedby.flashtalking.com/imp/1/225040;7936335;201;js;DV360;DV360FY20AcrobatCTXCustomIntentCompetitiveCHDSKBAN160x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.babup.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=https://www.babup.com/&ft_partnerimpid=ABAjH0iX89oG9FDwGP10L5XjDE8S&pub_id=1&sup_platform=1&cachebuster=271526.9827553857
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.55.230.179 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-230-179.deploy.static.akamaitechnologies.com
Software
prod-xre-app9.frk11 /
Resource Hash
8b10f63a6e1c4defaff38afc5d40041b92f70335181757ef9d14eb58f2556cc5
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:11:59 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Server
prod-xre-app9.frk11
Vary
Accept-Encoding
Content-Type
text/javascript;charset=ISO-8859-1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
887
Expires
Sat, 13 Jan 2024 00:11:59 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 6369
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
69
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:10:50 GMT
expires
Sun, 12 Jan 2025 00:10:50 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
pagead2.googlesyndication.com/bg/ Frame 86DA
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
56e70c2fea595cdb15f418a8f79227fd5cb5838e2ee6e56fd44abc63e2cfa239
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:45:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
314816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19703
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jan 2025 08:45:03 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 9383
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4s917bMB8gOmWpni2cxorx07Exzuu5VgWQyKFizcMXiyGGv1jklvo0bMRdO6FPOKiPK7rCRLZ3TW3EYcIbRiiyPGjUzoXMJ1LQ6f8h4KOiIJOwso46U-ScBzmc2AKUtkaZLH4ejcxVpGxTYKKBEASRH47lKXBQil2namBDler_GQ_E-k&cry=1&dbm_d=AKAmf-AM0DF0lx80_f7aCnKtPOb13s9Nk-r6unjEHVk1N_DsEQvS3dnaggEnBRZDQ9VKiJ6nnfNozp1uI52zv2XNLHtxYyAnsMf_Vpn4_tinIacf6Qdg2ADIe4osr434am2JrX9Qsm_Q6BEuWIdfZNXUKSTr3AG_r_-Tv6B1ojD0zbkiPLCHf2q-G9UGlwMaIff02qhewWFPPfdZKCkxSXyMZjV-5PEq15pw7CUqMGc50xI747D8KhWImr0nrIWeoU-wdMHBnrXKPxZZPURsk8IpxLQFCokMgfPz_NqZyTS3Z_kvcWBGhB2nbHt9eBSu-RU_jjgPglP-9DfM7u-_Lj7Ss_UvRy0ZhLsYd9fiLByHV8knrWXWqZHZxBOeuUmKjqojaXm7NeXKEG1jnf4dsavGCcqfL5Six9UIuPDMqRuaOSBMiUbB-dfftFggxXzPDSul36oOkSA-hmVQZEg5VIBJEhdNaJwkg6gklPa6-P0MF2JyUAO92jmqMd-s6GLDJk0mZ8FeZxMXXDqBV2DKDfeycqj3XfaesguEdtCW17tvVIN5O3krNmHry094QgREjvKEnASRDlTiD9atzsdwck_h0-NmYlFTU_EFZP6YQ9BBB7ixw2aOMVjUcCp8xe-0cuqGHo-XXwvJXt0_wHARa0YUvu_soNXLGuhc4zUK4ujjyHtlIA49ZW4pWMtRhsISlGfRFG88XQEU_qNDV2DLizhRdSONe3iIey8QX5_9SZtW9Nv_HcvEO8xztGpehVkST8gF5E0ZBoPyZ4WR9AxoWS22yJ7DzEx9RiHFNtH_M_8Kpd64H3KJsCwI1CLXU53RrrEv8_GLmeopHQoNyuCWVo9gIY_qq00v4cYwLxe8tQem_G0AlDt16f81LoYNDYCzAp3dMvLLfi5CiWrtGvynr0wVo_BWPU01r5ymxxNCI-Epx3mazDp4HaFyD7KUlYiEFb7G1FQOYOsjNTAOzExx8YA5sllDCnZ72OVHT6TVMIeJdasIt0nvusALEeCuPcHj6XXOpYQh_MeYPoyJVJzApO9Z9kQIIjoWegjIsrSQrmH_yPv37vCC3v1S4h5opluVezunorumwc0Q-zm1Ul39ei9jTVKAK2jPs4p_YTtG_oD8vZdhdj-Ple4MWTrUrTSkOw3mE2xz948WBoELconPUkIgozD6jZ3b9QLGmSo2X5l1VZOQVhTDy67zGYnUcLFNgzpzbn6WFLtFLy7aO9832Qhsa6UM7IczHvTFaqLJGw2chlJOfJ3fmy3Q7veY-VfHy91ki5oJAMJoDE3sw_FfB4IFYosPmFscC4ljOVx0tZwNw4Jlu3rsWBXl5YSyEGg1xhW34yySmsqbZKe7OApQj078hGzLPEpxo1hG2uFrYHdiAh-cHKGbN8TY4tYot5CBga9cxUuC4r9gs336GUg3BI4hRlJbjirqE__zzWMtpAZhjqWlSQNngWu4rdvCkkTX7JV8SSlj0F3s7YttBJmcEPNcAe2-JKDBT26bnL1XmdsWUqHa9RShJ8RYnBts4WJz8tmNxcBo2v_DRs2A67x1mJD5SWPJbljWtggYZmE12gsNGX53HSFs6LY-CwTn7reIyAIIfbOz8mCfy18R2Jca2nG3IKOFutNtInejGW9pcd_Lus72LuzKmI-wIcAZPGaIBlBiI8h7k5SRxd7dSeoDW4uMFuWX4qdcE2O_DgkTvn7yW4zffd2KZGB-Dx-zV1tJesfujCrc29zdOBkQz32T7c3V4Kt236mysbYIAtlXbMTyvaWZOn4AjffzvbMoeFGYnvX7U_J0E_3Qa7KianOabzj702oAgdmr0kzXFQJvPy3f0xCkeLW7b3FlcZcm40u2ZOfUOzvdUiNoFG_UZp-bqNODWQJ99opMdhC-20YfLA9QGaCtzdbkO2LVhBz0w-PupG2jgt4OTldHN_Pycsr51RIAOZsaKSVtdhdTZwO7Yskspm3UsZ3pIdfPiiCtH-ukkVhngkgzvMpLnfHRlfwnFrXicTAx-BpbG3K4zCfvrIrxisabg-Y_o75R_IWySn7PR4BBdFYzLlz_dcT9-FNS-l1VViU5mEZWojPEUfYcHwLSUNJVdu_h3JW_fX6aHDS_J9nk0WUEqwrabDf1QfhZIutoimxKSGTh6ULaVXjpLUir0iCzfkNkMxgxGXJn9Mykxam92n3iKlNb9Rk-rNI-L-23OXQIxVB6Sh2dMc34ALalOWb_r0NE_dIqpykyO0s9cHFnqLRhN4w8RNAdh-yQcHRe1Eu5uyIrUMpTl9VZzE9mqwnZnfE2MfWLXKuFjS4-Ld2xzvlbd_CiDe79IAVNIR3R8Ixw3i6UZjifIRaVqqYMA2_a-D656gkpoTQVcQWiDspC40lMsTHJdxiN6TYqDjPZMmlnslzqjwRZ-vj821jGnu9hAzfJU5TsW_P60AUX2GZI4lxTZmeEb4MViE47KLwNm4_yyXlDqJa1nqgz6kVcjPmPl-bsSs8cK2MXn9_PlJsAPXzYngLLlaEnJ5vJ4UH9T8TX0fhsdFKRZFmhKt2_F2DasVC6-E-gITtmmVwmREK9NLFTieKiG8MWLRffNcLLLyCWiGwrTFR-vfyhHn2k1Z3yN9Q37jwUoCWpSF_N0FcWH6AkfGoqdxAALBdDkibEPn5HtFQC3_JhA-7KIFLoZ4Q0Ea8lgB9oYVL01_zcQBGHgouzlzXetEXWlCjyeYPWOU6gLzc2ztgq25UnFnN-WirGO-U9C3g3zkJeH8az2zcYvSHbOHWH4hAjkEkWp5cE8KgmoujqHF5-_a94Ef84mzl-ii14XJZArSoGWthtBolokvGQjSGe_PKVXJlR7LprATxp7uBeKsM8jO-cHiaTO6Nla3zjCKTV2dl_CXAoQGRAdHPuL0qsleYsPa6010XO8qcrAqbaItVmbH5zsCVJfm_iwOovxurZQ30UNF2GOsUEyi_u79K0Z8lgcMZYsT0PZSU9UXoo4JpdNLs5id-B35qBMLnghgPdIRulC8RgtxRgrkBmgD1tRS18JwNK79qSLuFykNriLZFjCFynGRBNgMamjBEmsQHknATSRJbZitHbvQ4rmwYRpSVkdp8GwkV8aCGkaxGApG2vd6NsIjLoQutbC2LuFjPutuxGwQjdHPMThTEXu4I6RbD3A_hmgXJRYR49qpPBXq9luFG3zB_S0TJ5rP5P19y4qNU8DfNACM9rtll39opLxzlboBH0nn0h7xhZtpVrQd0yGYJy22TmF0Qy0kMdCPmerWhqkBBiwmLcJfFzXcHbBKh-oPpDxjzj9qNJaXh90WyEivd98ROOkk_LRpXeKqIo7z9AJUp6ZGsbeWzpvwBXgn_gKVup5OvNvAAlapscKhBu8YkWaBiHcvElJs1IOroDO7GSE9oZ32zjgmfJsSjT_Iq1j7SKhwNm4k43G7Z2nlwDhRNBQ_rZiNCYijVp6LYW61g-kHJtIAFyoLUpQOnpCsFjbgE4aNi4fUwUEWojRj2HzW352uUhQHChB4KlbRio_v8ZIJ6Y81RhG6p7TZ3QJfiIyMCNm4lKO2fms4S92aP7pXbOSQq2Hkoiq7zA2mHcyNorRryS7EzqdbC1iWId&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=4923925234655077000&adk=1405019968&idt=165&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:07:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
14651
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jan 2025 20:07:48 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTEwNDcxODk3ODM4NQogIHNlcnZlcl9pcDogMTI2MDU4NTk1CiAgcHJvY2Vzc19pZDogNDIyODY1NzA3Mwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5MjEyMjUy...
ad.doubleclick.net/ddm/activity/ Frame 9383
0
857 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTEwNDcxODk3ODM4NQogIHNlcnZlcl9pcDogMTI2MDU4NTk1CiAgcHJvY2Vzc19pZDogNDIyODY1NzA3Mwp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5MjEyMjUyCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9hZG9iZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogNzU0NTkxMTEwOTM4OTM5NzQ4CmRlYnVnX2tleTogMTYwMTI3OTQyNzkxMjUxODAwOTEKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDI0LTAxLTEzIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogOTIxMjI1MgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDM4NDU5MjMxMQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNzM5OTQ4OTY2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE1MTczMzczODExCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNTQxMjUwMjg3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2Fkb2JlLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2ZsYXNodGFsa2luZy5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9kZWJ1Z2NvbnZlcnNpb25kb21haW4xLmNvbSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc1NDk3NDcyMAo
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f102.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xa47c5e3c91e95d330000000000000000","13":"0xb4fa6a7e929849d0000000000000000","14":"0xc15090456612b3e30000000000000000","15":"0x99954e10cb13141d0000000000000000"},"debug_key":"16012794279125180091","debug_reporting":true,"destination":"https://adobe.com","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["9212252"]},"priority":"0","source_event_id":"754591110938939748"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
servedby.flashtalking.com/imp/1/225040;7936335;201;js;DV360;DV360FY20AcrobatCTXCustomIntentCompetitiveCHDSKBAN160x600/ Frame 9383
2 KB
1 KB
Script
General
Full URL
https://servedby.flashtalking.com/imp/1/225040;7936335;201;js;DV360;DV360FY20AcrobatCTXCustomIntentCompetitiveCHDSKBAN160x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.babup.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=https://www.babup.com/&ft_partnerimpid=ABAjH0hz4_Q98kjFB2DH0j8xJuaf&pub_id=1&sup_platform=1&cachebuster=71118.05353613732
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.55.230.179 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-230-179.deploy.static.akamaitechnologies.com
Software
prod-xre-app1.frk11 /
Resource Hash
5edebd5f81bca146bdaa08755715b54ab6f675324b53fa6b1c210f6788f9c2ff
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:11:59 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Server
prod-xre-app1.frk11
Vary
Accept-Encoding
Content-Type
text/javascript;charset=ISO-8859-1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
889
Expires
Sat, 13 Jan 2024 00:11:59 GMT
MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
pagead2.googlesyndication.com/bg/ Frame 6369
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 16:01:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
29426
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15229
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jan 2025 16:01:33 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 477F
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
69
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:10:50 GMT
expires
Sun, 12 Jan 2025 00:10:50 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 61B7
41 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ale9h8mqeOqYaXjpKb9ggn9Pn_Z52ApjSE5kaex_tGIJ4N_8m4zhxaet9jp7wB8qzwuTgSnm5MIiGIVG2bEEtz-guDRLTBg7gBS1j3Mq6ZA0BeEaq5eCLRuGlfebc77PvsccnPh54oR1rdg4Rrw8ChMrvYrBXpTVEly0eda8botoTHG_U&cry=1&dbm_d=AKAmf-DjmA85XTS7sb9zSRayxkVpG_bstIYxhipy1_yFHqujT8h_2Z_tNl7pQjsih2XWs8HW9_7dR3U4nkCwbv28L3JOTP5FOlXAtJvxSC9cvlcvPig77JSYwyKMQZ_HojxSmyC8s4po4YvlVLyVlGN60eF_CjRbLkq4r5PqqkAOdI9XxAOnWnjaqKJfTuw_jTK4ILemZSf3UQFsGrbNdcgvzSB-Ti8kEMZolNNv6M2JKaxT5drwNQFMfQ_U9Cy18q0eT23pZqQg13bmPZfbBDQ4Kk01MnaLafp3sSo67TTBXpSJ72flL2QcnQKTxyk6tRn-0JZ27u49K5azAsksPp88p5pYdfaJTAIXw2uIVon-wJlgxu6X7W3kdyOUKO12HN9h3z_9W-_LGy9eZ692eZvuVwjCzjUGVqpUplKM0wEckgI_luBZ19oSI9MHHRwog8e_Lgf2EWMj5SO3sZpAIWBpT6gKctMANnDaglNrP5nC1WqT4887uTZZ5M6C1HHODrlwUf_Di43xJ3x_HW2xL0uq6c69YbTVkMBE8o8tgc2frBVqNqyh0gmchlsiRkRCEVvI8nwjUjIRaYfrddW9YAQUEBi1G3h6SQhoT7pu35jwSfkLqfgu1WamW0_4st-JDfkOFWDbylyLUaijdSixWH4XEV5ZfYG281K6Wy3lMRVcPnorAa9Ay8kXpP7yxqjODzT3tC0AVkaIjXzQi_Os99dDLcG76r_stViMWQ6bqTTUWx-zKsUJDNSjpC8EwsHZ4fdFYKmAchYkCKTJTzjQwSIjMlmAjiJybxQ_ICptqYYVU3E0vPt5QrRY4SDZ8x3svbOzh3znDgFR0Ax7ipGx_SuDzN0uZl6FtMWJt0pbJchJYWyj3OodEnfbKnkF4gMHHx07blotmjbeS3GCgtWwgbQWqHfUPbBPGao4dgQgbQYPRCGaP5qH5BHlSM1XkWb8vKD00ugBixmI5GNPFV-Xspcudu4-mZBeOf9gUWK7uMUTS1s6JTSzSWtgvvjud99DfcRa2w3dDOpoT0wiYXg-mKLpaPbiGhsv4UmUkV0rQdwtXXLpM59TSZJLQkV6M125dLOEpnmCfEkqffvKTq83T1JBUCFexcJ76Kvklk7oWzhOeZr4VLUjdTepmaE10oszljyft9v0JAMo1wDT7trP3Xgjc4ByvjJevrGTKZnu2km4cnn4q7urQVQHOaCOdN8exOKyyNnriAx5lbysTqieD5vqsmkkEs2ZNLm3lfGSmHQORuLw3Lp77VHqgRKw4z6gkjCPjK94bx2j15EQ2E8joyovm9AexQD_lMKge7sfmtDhBf1P1U4WVM92sbzsq7FxsFWeEKaMfCsgkt7iOpIA01Conzr3SAHf-X35WC3P_VVl2lK3hF76gE3LDCslc0E4O_uPUa79v7aQOJ73QRrdtr5yW3AcVjtXk18XDz_yhwBpMniT1gGTglYdndGYJvi_85Y1ZeSgqAsrrxVZdNGPTFiZJrganxO0bR6x6Zu8wftS20ukbhgNJ5EFMX_1sIhxR-de2zYfjuJi5vvx5H5PJgUYSrKs_urVskoXfjWFDNj8T68yonaPdEcxAdTuVz7fWtBj_e64CUU9TLGbq8jYte94Z4RZ0bzUH_4VU6RKGat0e4aSoGvI8GIHkQh-Ei4rADMC7jjV-QVCDGJWaFxrs-VwGg2s1fpcsC9TIuFwS23oiCBO_fIL4M0AEUZ_Oh8l8Qo0WFBeyvykAQsfvMnxMiVYbygsND6SqKuxuh_X_o2NBIh3nnBIwyDOj1Rr47923zQJOWF9OncwACR3UHC9ze-S_9MooSH0_CQtapHTBNnraMA5HT3idO8jfbMA8PfRiw6Fg4yPI3nSlF4w8NpB-gN13h79rS5tayztJOdoNPG4yHieug1uDFRkFTuOdARdG6c7dj-Ehr1yiaRJ92So3GVEWvI3kTHifnGCDaG_7Ue3oZYzyJeNJTOzoqka7i0wUlIH_U36gQ7mHIbcVz3vmARy_lzkADNUrWML1Q3yihN1S3DZSqTd3aNOzKpiXy01i_ZcwBnV56soHAzdwRR9mMNb0o0j4X2zkcPfsxyURnlaJ5VTHOyayfpPO6bifzEOiMhdCo3IZYdfVqDeoZt6zGWEzvxoHlZZa5oY4aqYE4IusVqc8YrJzFoh852JqL6maFAALDzDsFLra-xGnp1dyLhSW9RG-INL7fLvsKFVK9XaSSIRZRGBN6mw54iVRMpA8aZ5KBFGGaos1gMTACeiRnUZbtPtzj2ag86FSMEWUZAc0D0hKFAFZrOReiuLPNprxznDLoEEd8qd3zZP635EZBn02UFhHi1G4PIHNucHiCPAyyIHy549fvk06ZYybOinLgYfps9SqrVvXeouQVhDPa_-V0z4zCRgI0FKHGSz02VbHQS13sFcK5g8gTBIVBx3XClltQKTR1IEb3U0trWIqscz8OvlDoYD2HIaPYqgelk6St8CyiU6IyxK4OZj5d-QbUQZiuU_TJ67AxU9vYiZHlc0bNJBrbOyv48b9xBf8xLzwezJMu9MvHs3sKC8D3uG3xv5QMmPCgs4RXqzH4mC3YIYzcYpz0Ktcoxpt782fsN5u5VD1__QcMtyZ_xt2HuJOnkL3jnjsCaP0DcvBlreifvMOuPGgBgAyWctJboUrzZxy5OrED6dQVMPUcbsQnulyTKzHBBozDFM6F0h48uc53KSqqozINyjg4G5VnHUQic29oO92MTDUyNv66T9DpXLK78XXpY8a1cwmUGoz3WpKvuQdl2nRa-HA9k5Qsqd0VL6jd8K_HSyrOF9V2KMUl-CDWGSczOnsMvR6Xlr3F4BwG5dzEqH8is25k1EYqpsanUd-ipJA7Oc8Rl9T76sytT_a_xMjdjPp6YkJofNGi4vuBC2kXUQ0lZLpXnJBrNMkoD870h0LX3OcWk4CmTWhOvs_PEJFkUyQg4SYmRZp1AEXVriQKjaWPvuSPsBQTo_JmSz6f1T3g8j-HZhMfDQaFnMOTHiTmm86y1mP6ZSx22jfzoLAsX1iNwv404QG7zjhCxbxouOVonSiZceB1TI3X6l9Cuu0aQsifBfpyiqR8zZXD7t-_ZXhqQ6iVPvJEe416JwxXx1eY0WezzVBfG07I8EpaVnXl7rl7n1Bcq2APKxHXH1Iz3KHP7IJeJjBRSdfRu7p-WJnb3gIM-FmaY-Eff8WGDOZqaMQNjyf1X9_1musYYdN56A2WnZmIgSxUPmojYjCcAUo6wj4JxyaLr_BalyUYq7nS1ed6GuymZy2rxTWQ5HGaqbHXFaczvf5SYLrBGDvZT9OG9f9YKj8YmAud3D82a8C4k0vKaVPPNZ7QmGXazzVpWws3YtMycMMaCe55KhmbwpK4_jdHDSZ7o17txkuT37pgrFjuQAWJ3i-YY4ZPHtyw5xfgdpI2cP6SRxbPRX1uHZO1gBI2vOu0q5ONgfyqwaCbaTdK3jthQo2OZWGtKsfF4wNHTlAnAIJqgr4X6b_DS6DIPxkiOd_owLy_7HcQ0ULdXDS9RYQaslbhxqHObYZYI5kTLyjyRFgHcz2Ul9dEMmJwzFIVZv5iRgF4w2RzBI_ILcJQN4&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.babup.com%2F&ds=l&xdt=1&iif=1&cor=1927283169535446500&adk=2215386028&idt=124&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 20:07:48 GMT
content-encoding
br
x-content-type-options
nosniff
age
14651
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jan 2025 20:07:48 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTEwNDcxOTAyMDU4MwogIHNlcnZlcl9pcDogMTQ2NTMwOTA1CiAgcHJvY2Vzc19pZDogNDE2MTUyNjU0MAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5MjEyMjUy...
ad.doubleclick.net/ddm/activity/ Frame 61B7
0
500 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwNTEwNDcxOTAyMDU4MwogIHNlcnZlcl9pcDogMTQ2NTMwOTA1CiAgcHJvY2Vzc19pZDogNDE2MTUyNjU0MAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiA5MjEyMjUyCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9hZG9iZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTQ1NjI3NDA2MTQzOTYwNzQzMjUKZGVidWdfa2V5OiAxMDI1ODM0NDM4Mzk2OTMzNDY1OAppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDEtMTMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA5MjEyMjUyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzg0NTkyMTg4CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA3Mzk5NDg5NjYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTUxNzA1NTUyNDEKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA1NDEyMzAzODUKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWRvYmUuY29tIgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vZmxhc2h0YWxraW5nLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2RlYnVnY29udmVyc2lvbmRvbWFpbjEuY29tIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzU0OTc0NzIwCg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f102.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0xa47c5e3c91e95d330000000000000000","13":"0xb4fa6a7e929849d0000000000000000","14":"0x654b72640056968a0000000000000000","15":"0x97dbe75f76cf54610000000000000000"},"debug_key":"10258344383969334658","debug_reporting":true,"destination":"https://adobe.com","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["9212252"]},"priority":"0","source_event_id":"14562740614396074325"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
servedby.flashtalking.com/imp/1/225040;7936214;201;js;DV360;DV360FY20AcrobatCTXContextualCHDSKBAN728x90/ Frame 61B7
2 KB
1 KB
Script
General
Full URL
https://servedby.flashtalking.com/imp/1/225040;7936214;201;js;DV360;DV360FY20AcrobatCTXContextualCHDSKBAN728x90/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.babup.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=https://www.babup.com/&ft_partnerimpid=ABAjH0h8X3AMexjp_W5muwB7b571&pub_id=1&sup_platform=1&cachebuster=840475.9888753721
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.55.230.179 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-55-230-179.deploy.static.akamaitechnologies.com
Software
prod-xre-app7.frk11 /
Resource Hash
2c8f6458e26a06c52663f2baf600362950f74bb4c1fa937e219107519c916d0f
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:11:59 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Server
prod-xre-app7.frk11
Vary
Accept-Encoding
Content-Type
text/javascript;charset=ISO-8859-1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
887
Expires
Sat, 13 Jan 2024 00:11:59 GMT
ftUtils.js
ajs-assets.ftstatic.com/ Frame FFA8
86 KB
26 KB
Script
General
Full URL
https://ajs-assets.ftstatic.com/ftUtils.js
Requested by
Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/225040;7936335;201;js;DV360;DV360FY20AcrobatCTXCustomIntentCompetitiveCHDSKBAN160x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.babup.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=https://www.babup.com/&ft_partnerimpid=ABAjH0iX89oG9FDwGP10L5XjDE8S&pub_id=1&sup_platform=1&cachebuster=271526.9827553857
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.196.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-196-34.mrs52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c8398e3a12c77db0695fb66a0b180d4492ccfe268435a59abdb9a056bbbf92a8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 16:44:31 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/5.2), 1.1 ee1201658f9d75389a77c4430657c174.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P6
age
26859
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
26311
last-modified
Thu, 11 Jan 2024 16:43:14 GMT
server
AmazonS3
etag
W/"3643773625f898f1236b1c08c2d13631"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control
max-age=86400
x-varnish
764114300 765501255
vary
Accept-Encoding,Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
6dT51_C_gPuhWa4kylTfDYkeJXeLnBRieAlIKIhc-vatxr0Eip5hGg==
MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
pagead2.googlesyndication.com/bg/ Frame 477F
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/MCFrRHZE15CKjvM6RLwmjguI7mqh03m56A7oA9GJNi8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 16:01:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
29426
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15229
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 11 Jan 2025 16:01:33 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame F383
38 KB
13 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
69
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 13 Jan 2024 00:10:50 GMT
expires
Sun, 12 Jan 2025 00:10:50 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ftUtils.js
ajs-assets.ftstatic.com/ Frame 9383
86 KB
26 KB
Script
General
Full URL
https://ajs-assets.ftstatic.com/ftUtils.js
Requested by
Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/225040;7936335;201;js;DV360;DV360FY20AcrobatCTXCustomIntentCompetitiveCHDSKBAN160x600/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.babup.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=https://www.babup.com/&ft_partnerimpid=ABAjH0hz4_Q98kjFB2DH0j8xJuaf&pub_id=1&sup_platform=1&cachebuster=71118.05353613732
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.196.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-196-34.mrs52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c8398e3a12c77db0695fb66a0b180d4492ccfe268435a59abdb9a056bbbf92a8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 16:44:31 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/5.2), 1.1 ee1201658f9d75389a77c4430657c174.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P6
age
26859
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
26311
last-modified
Thu, 11 Jan 2024 16:43:14 GMT
server
AmazonS3
etag
W/"3643773625f898f1236b1c08c2d13631"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control
max-age=86400
x-varnish
764114300 765501255
vary
Accept-Encoding,Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
lxxtT3kl_qa8iWdQy_rJaLrQpljHFukvX8d_4udWOw81EhAQBcx0cg==
ftUtils.js
ajs-assets.ftstatic.com/ Frame 61B7
86 KB
26 KB
Script
General
Full URL
https://ajs-assets.ftstatic.com/ftUtils.js
Requested by
Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/1/225040;7936214;201;js;DV360;DV360FY20AcrobatCTXContextualCHDSKBAN728x90/?ftx=&fty=&ftadz=&ftscw=&ft_custom=&ftOBA=1&ft_agentEnv=0&ft_referrer=https%3A%2F%2Fwww.babup.com%2F&gdpr=&gdpr_consent=&us_privacy=${US_PRIVACY}&bundle_id=&site_url=https://www.babup.com/&ft_partnerimpid=ABAjH0h8X3AMexjp_W5muwB7b571&pub_id=1&sup_platform=1&cachebuster=840475.9888753721
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.196.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-196-34.mrs52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c8398e3a12c77db0695fb66a0b180d4492ccfe268435a59abdb9a056bbbf92a8

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 16:44:31 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/5.2), 1.1 ee1201658f9d75389a77c4430657c174.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P6
age
26859
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
26311
last-modified
Thu, 11 Jan 2024 16:43:14 GMT
server
AmazonS3
etag
W/"3643773625f898f1236b1c08c2d13631"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control
max-age=86400
x-varnish
764114300 765501255
vary
Accept-Encoding,Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
C5-RPEk2CoFM1MRXXTRix00Z1940I6DMXtPJocy0kIzvIqVHzz-LgA==
VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
pagead2.googlesyndication.com/bg/ Frame F383
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/VucML-pZXNsV9Bio95In_Vy1g44u5uVv1Eq8Y-LPojk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
56e70c2fea595cdb15f418a8f79227fd5cb5838e2ee6e56fd44abc63e2cfa239
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 08:45:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
314816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19703
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 08 Jan 2025 08:45:03 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6369
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bhm-pTtWhZcHqOL6h7_UPwO2BsAwAAAAAOAHgBAI&bg=!4eKl4q3NAAaumcC-jpk7ADQBe5WfOMd3M10bmZ_ZmiZGt8F91Y7tAT36O_2ifgrCAA3lFgKeVLk0g20jdgGdFaEKNsrIAgAAAElSAAAAAWgBB5kDAlYhwl8AHvvNU1tJqJaNa6f2iUhe1QvO9aRUZOb7EtBiJK6aKhoKlL0OV9K-mPPo4u0YfKdvXwyfjS9ZNFEUsViFL-587H8VrL1jupCVx8xrEsa5wG8TacR-cp0jeuWU2fc-jCS8f0a1aL2h7OZ78fnQkmSEKthvY-5S1M4x4gTti5Q8VJGJ-BxiW77_zoOQwotLhvzMrzYG8H_6gLJLv1ucBw7vNv5TtUI_qZINQYEUGcyX-bWSIeFHjs7nSunx4j15Z0g8ZsPRpH9-vaVSOTuajZ-tHybRuSxQMSapvk5XAk4u44kiSbicf3GNwhBGUIRdzjf-N46Ir8lLdfm_4In-qLGPXXwIxy0IvdfE1-RzVa0CRFKHd2_NKH_tvOscINeLXjTBS2jFCOtD7UlbkzqB2UKr0sn7aT0MU5vISP7VdWIFUkMVr8fwxRnNq3Uz0iPP22vFOvmt2SDcU6j_zrU-yQv-Kjq3n2KzBZzDFNdLN_q9NrkcN54lSk3UTP9Vh4sa0bl4b3urCMEZAhYost4wrcYPcZirXjLj0YjH4hrh23l_ZLheW-up15QB3ZhfCMF-f_wCnsaFYMiAwG6oL9ccQhVLAzvn3WE7VGQvhcpN4BNOhAxUrtft-dNwPqXFYy-ONQFzawampe8wNYNh1FC_BNM_W4Cgcx0v3mk2F0i2W4PNNqbuDCe-9oDv6rtiU1Tndj2vsKy77TEkY60ACOp9vGl1vqmM2qEWVHcIWpF2pio7kfbTRWG7mZ5RPkp6p3Cd1UzAhS3CVuHN1Ir1Fghg6KTnRaYKiqua4xo0BTyrIaHiwG5wn8Fna83ZD2QRkdQYcJ96TNLVQhRQPdjfs0wEF1Pei-7HJ8hX-brmgqSpaMGYTIhT3b2njyEzwUU1LM4-5o_m58Mzf6SrbGsBuQBx5CuPqvyW0jHlVJcG9toUzPsJ_DK4rAxd3LPOlbHQ0zNdMk4YLUJ2NgCe1NMtpK0GVy8lTAQ21kabdwcnGsAhxKtkzOSWnHIYFVoFu0weO56H
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 477F
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B_DROTtWhZdHbO-OAjuwPsd-w4A8AAAAAOAHgBAI&bg=!9fal9rnNAAaumcC-jpk7ADQBe5WfOBdDDeAcvbGMeMWMaEUo1EjLVm6EQqL5PY9DfTaVUS_YL5KXoHH99sMt-8_SvalcAgAAAD9SAAAAAWgBB5kDCFFrf4_Hwo9rGdHkDR7-o1LewUl9IuTkuRwyVuA8BUkj6TUSX42i3PE0GuSGkx_ODrFt-yY3POm__vJBVoCHnLAoUHXwC9tshNOcIGf_5u37fHQPmFxskJUi__dOTn_-Ke2BDTNt8dtt31JB58r-eM4JE-2Ow4DTWNsrfYUH_VXcQvg0TJILdbwCEQaB7F_rjS57SUN_aMfimvxt8hTUKmASFGN2rxVlDsNsU4Q13jlMDilsK_qIjfh01CC95UA9pf8g107LzMhvMRsV9Tgex1NnrnpMI7rGjCzKRsotTfETwa3yC28pcL8iD4CUqjeuBXFX6w35nI7-12smX5fntkDo7ngz15S-ZsWNMb7qrIAOvCP0Xo7KiQLwRQGNQhLsnmGf7RTV5lAmCvYeR34Dm5cK8cyOIq8rcvxPupFbRjt-2qqUlnNndtah4JP84AFOnpN48NXJ9hRlY0v0H9f2KQo8bXG_XDRDIRrnRSma8G71WvbAMjDPdkohUBppyPrFCVoboOIWE8P7pCfn34t8V9WbHooCzFD6D1aOSBOMnnbOsTLyuMnYwhSuo0m_O7Wkml9fVGNs2NCqz8BFhqbHmDR0krGeEgWVW2M-Q1BTVnuVwmGpp2oLQy7q_X08Rh9unDDFTYkoAnMRI6X-2Y_cpHVUcuiKlljxqCOgnt4tvlusCD6qYzPj4if0lrlIhRcmytLa8mLAuTTlw8Lg0hqucH22O8w22qAGJMI-Ho7_QCcTipyDP5B3H-Bjc68QT7kd1CuUouWF_YdqCOB8WxsGdSOxDjd_4CZIkFGaSutW8_VXzROI9F9WG0iezwMV3oKYyBVhMxihty23zOELnFkPSUuI2Vx4CoI_R2W7t6jU_ymNNQLrv9jPniZniRQ7XPLTN0I88OSWcKgdi_dQ9KVzG2CLG6B_p39Xq2tJAANbSdLofzaRERXAShCoM15c8peZRivl_SnSKakCMozHl9bZYPpnLzGyUp7SbzEpHBWF66gXfH52s8gcxlwFYuXhhJ4bxpypnCJN_4Mf
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 61B7
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5d04c2613efd8ffc170901c96813e3d5a8488af4763a8c33d0750afed1b3bb9f

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
4064125.json
agen-assets.ftstatic.com/display/7936335/ Frame FFA8
5 KB
2 KB
XHR
General
Full URL
https://agen-assets.ftstatic.com/display/7936335/4064125.json
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-57.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e01328638edcae791d4fa6402aa7fe191b151f8907ae6945a969b159d1210150

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:12:00 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/5.2), 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 11 Dec 2023 15:23:35 GMT
server
AmazonS3
etag
W/"474223455bddb6217a3a731919b27e92"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control
max-age=30
x-varnish
734593362
vary
Accept-Encoding,Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
lqD37FW9P9BZylWdU5b0im5qfvSrBbCNNO7rWbLr5lfr-hBy2XtAAw==
truncated
/ Frame FFA8
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0d397e8282692eeb45b274667ab36ecac65559e322e17cb27f1cbd7b14d223d

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
activeview
pagead2.googlesyndication.com/pcs/ Frame A2F3
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssOoCboxeOJgB7d52JIuwd51AHMEXxOxLHgLzZ3cqnylApmky9CjTVaPaAN1ChpGut4H4u0S6Q5TIgXmO4VliwpgUL1DorfZKqNWpeVd6dgtIkcOGX93dBvCH43k05pXu2k0T8jHm-R66DSMUlfug59teix&sai=AMfl-YRxe2kqce6pocRg6oI7vOW2vcXtPXO8QjbuWmg2HbLiEi716yjR8p-L3lBKc4dThB74RIw4RhR-fQ0IM-Gk7d_j26OQ-u7J7nwVlKoUixwwqj3h8EShr0Vl0a0RzY8eTXv9s3bgzMu1lb3XQJ_7Hg&sig=Cg0ArKJSzKLhQ7TugTLdEAE&cid=CAQSTwAvHhf_DWtkQJEiKbcq3QsExNZ0W_HNC6RAliiKzXTKuEjhWyZyMuDIKBZYGhC4L-osLf8fiIEXQcFQKu37K2xu_5mqXdqKd6Yo0ATYdMwYAQ&id=lidar2&mcvt=1007&p=0,0,280,1110&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2300165494&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705104717536&rpt=738&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 9383
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
342360bdb3a0d144e4f46b63950d717130d8db2e2b1b78a52618828283875b04

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
3699647.json
agen-assets.ftstatic.com/display/7936335/ Frame 9383
5 KB
2 KB
XHR
General
Full URL
https://agen-assets.ftstatic.com/display/7936335/3699647.json
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-57.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8d42cefbffb64b7474ae6342fbc144e012ff7a7d12b7cba2d57d42bd1106f24

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:12:00 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/5.2), 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 11 Dec 2023 15:23:35 GMT
server
AmazonS3
etag
W/"a72ba71306c2d4bce4fd55d7311b157a"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control
max-age=30
x-varnish
724960352
vary
Accept-Encoding,Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
4eAJMq2z-Z7av_emWGm4z6xBIvYoT3pWsa2AIsk0gUxfBsL-kx9dTg==
4064128.json
agen-assets.ftstatic.com/display/7936214/ Frame 61B7
5 KB
2 KB
XHR
General
Full URL
https://agen-assets.ftstatic.com/display/7936214/4064128.json
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-57.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fb7d30967c386c1827ab1e53db214d8dccd372ace73953ac3d8f696a04ffabf6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:12:00 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/5.2), 1.1 9128c49d19c76fd86ec4c647434ccb0a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Mon, 11 Dec 2023 15:23:08 GMT
server
AmazonS3
etag
W/"a750e8c272bb490423e32610f3161333"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
cache-control
max-age=30
x-varnish
947700497
vary
Accept-Encoding,Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
JhHPNQMSfblJWAk0dhFSqIidDd7XHkrql_qd2dUrL1oL9F4_Q1Ziyg==
gen_204
pagead2.googlesyndication.com/pagead/ Frame F383
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B0VZgT9WhZeegAdnE7_UPjLavwA8AAAAAOAHgBAI&bg=!-_il-LfNAAZ1R9vHVUc7ADQBe5WfOHdXGhZwg02UWd6_vWeKZR748ZkYRk5VaL_in0rAoZqcq_OV18YIXwBCTbKupLgGAgAAAGJSAAAAAmgBB5kDANBWVOjTi9jLCjypPp1_4yfEICZ9zNWnQ6NZzaozJXgMSYuflyTZYyjsPMaAfEkbiXFordf9yJ3weRZGvZ2ZGTI8749LUYTTppul4cNUXLGNf7GhX7o4FIy_lSIpaDT5HlDPeZotfr25-247kYae388lBU5HQ5V6ABUcmtbIOFdXdhKen5m-0pj7b-tCdqP2VtTqreVHfdgpv3-xJwyN-hhvnzgZXeOJyGZZwg5x6syT502JCg2GTL1yxLvtwhHnQ7lO0NIpg_0UK7NEtqvmnio9xv5BtCO32JNBVjeYdabImGZx8y6vlpIDoIE5OM6FRmmrpPt-04Z2f15LWVwI_0kGq1czr9AvAOLTvAZpJ9trujBzxudip657DKJu96DDrtiO3iNQIeD46MDZET7T4c1rde-e3J-6_Nceuy2uo7aNZFjNYSJf0FJGgL9vpmaeVcF4PQtQvSK04HGlEqt9mQJG83jbrmicLrD3TWclf1FS4BAYFPn4W0SU_iCuvLxZNyPVSxiFNtCaCgUVUB7ZoT0xUuNkViSlVKC5q_F8trCkKhRcLGVyWdTRAdUHHI90yzBsUL1MoJXXpLp1sKhJ3bIMzesFmvCyCBTkJlYoQfahTIkotP7QYxYGRil1X7Wadk_YVJlBMky79PKFG2LZb4i1QoYs-lSP-3_cDjpwa2M3WS1ug2pGNcqECNnLhIM6kk_8yoZUoWzs2nvEyOLk1qVTMLVEjg4ZeaKbBeI8MfVvYaoK4vZTlU3AenmMrB9dmuYhmFRxhePlwG2QZJdLUvMuwC9bAcvMVPcvsIPW--afXcGsxXIdiqurzlzXmftY_kEqfqsqYYiztcG0dICUjco7DCK9EuovXv7B-JXCG8snXUC_AjAIw3PP8nhgAfMiqj2VWjSRjOCyaiVWH6YKFblDG6IblW9foOEBN53KL6UeQUZRWr9MHliABNI-95qDCFSYU5MJ4ixTXhK6NpPQ1TedikCYEYs2NeVvnsCVH2PaGRNDyyPzAhcSrWvz9A-TuA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sdk.js
adsdk.microsoft.com/native-to-display/ Frame AF73
94 KB
38 KB
Script
General
Full URL
https://adsdk.microsoft.com/native-to-display/sdk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
759ce2a2ce00d61d23c78b075f72880dba5cec69876073fc1313ccfe536c7101

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Sat, 13 Jan 2024 00:11:59 GMT
content-encoding
br
last-modified
Mon, 08 Jan 2024 22:48:38 GMT
vary
Accept-Encoding
x-azure-ref
20240113T001159Z-81nfrqwg097x3b8ubk9g6rve2w00000001eg000000002sz5
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a0a0c049-401e-00db-1b69-457bcf000000
cache-control
private, max-age=3600, stale-while-revalidate=86400
x-cache
TCP_HIT
x-ms-version
2009-09-19
trk.js
cdn.adnxs.com/v/s/240/ Frame AF73
80 KB
27 KB
Script
General
Full URL
https://cdn.adnxs.com/v/s/240/trk.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.16.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-16-183.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
519e50788224b3422c6e6b1cce48d5decb83eece248558b54e48f88491e48aa4

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Nov 2023 14:06:46 GMT
Server
AkamaiNetStorage
ETag
"ccac3ab7f323b8743d099010fcce15a4:1700057206.383562"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
27680
Expires
Sun, 12 Jan 2025 00:11:59 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame AF73
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 11:12:16 GMT
content-encoding
br
x-content-type-options
nosniff
age
46783
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 11:12:16 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/ Frame AF73
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240108/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 09:07:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
54255
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8492
x-xss-protection
0
server
cafe
etag
9878124937798820110
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 26 Jan 2024 09:07:44 GMT
l
www.google.com/ads/measurement/ Frame AF73
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRhBKrSCS9WEvABxGFD66iwKMqpNDsaoW_0KH2nRG6qKF1ewe0AnyeV-f6Ji6e0jCW_InqS9U-zwIXSwsXRS686Du-Q0g
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame AF73
205 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c33412ba91028feec6a26b56c72f3ce03a24512785c25247447c2d1e81c8ff13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 23:32:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
2343
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63127
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:32:56 GMT
doubleclickads.
fundingchoicesmessages.google.com/f/AGSKWxXn9iSQ3hD4ugPw7Guwe8KKs-A_IZmBZGCszCobaz3R-Tg7TtYAOnRvMD8FOvbLJ7kLjN33MsT6NVugsQy1qHdl6NfvQ0YgnUlkXgf6rfp3S16ZtZyO9EBK6eIHTwMTDmoriUjINumgXGDgEKHOqsuhwygcf...
54 B
109 B
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXn9iSQ3hD4ugPw7Guwe8KKs-A_IZmBZGCszCobaz3R-Tg7TtYAOnRvMD8FOvbLJ7kLjN33MsT6NVugsQy1qHdl6NfvQ0YgnUlkXgf6rfp3S16ZtZyO9EBK6eIHTwMTDmoriUjINumgXGDgEKHOqsuhwygcfts5K_jN4oDdhcsghUaHsojjN-MnVqkf/_.banner%20ad.-advertising11.-120x600-/sponsor-banner./doubleclickads.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwqCnrDRKPwzSzuCt0e1IwwY6RVQQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
41111e02fcaf010fb231dfc4cc8b7d8ae4778369642908e2712b58730f4a9bdb
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-3sOGVYe8vIBuZq0MwM1SLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-3sOGVYe8vIBuZq0MwM1SLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
lidar.js
pagead2.googlesyndication.com/pagead/js/
84 KB
30 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwqCnrDRKPwzSzuCt0e1IwwY6RVQQ/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
707c9aa55f2aa73c6b344823622028969b9f7dc7c083255af7f8ec741a410796
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 12 Jan 2024 23:37:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
2054
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30830
x-xss-protection
0
server
cafe
etag
7678858050724989131
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 00:37:45 GMT
AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-sblwJBf_2-8crKSIyPydAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-sblwJBf_2-8crKSIyPydAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.babup.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-QbjrcjufhwFWCPrKwX4kuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
script-src 'report-sample' 'nonce-QbjrcjufhwFWCPrKwX4kuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.babup.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-x945Ik5DjmPkADbgcF3UFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-x945Ik5DjmPkADbgcF3UFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.babup.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-A2m1evYmTQFFa9tjO7Tb1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-A2m1evYmTQFFa9tjO7Tb1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.babup.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVZqV49Gbf42My1-u1XlIIujHDiy83LGVvzL9iuWvYj6ADZSktXWqkGfCCIrp8dIWeWfW1kfiIBczP1fVWUFCoVeftDzE-Be9Qan9UmlzXfoQMY2AxsM35ay6MH7bETMRdQwwSlLw==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVZqV49Gbf42My1-u1XlIIujHDiy83LGVvzL9iuWvYj6ADZSktXWqkGfCCIrp8dIWeWfW1kfiIBczP1fVWUFCoVeftDzE-Be9Qan9UmlzXfoQMY2AxsM35ay6MH7bETMRdQwwSlLw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1MTA0NzE5LDU5NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuYmFidXAuY29tLyIsbnVsbCxbWzgsIjE1bUxwenJ3THJBIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7f54332f3e09fdaf36272a30afccb8b03537641d37a0b24927ebcf9b273f02e5
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-bW_GpOBEdeQ5zARqgIBjEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.babup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-bW_GpOBEdeQ5zARqgIBjEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
index.html
cdn.flashtalking.com/116327/4064125/ Frame 252E
103 KB
19 KB
Document
General
Full URL
https://cdn.flashtalking.com/116327/4064125/index.html
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
172cf50810a0908328c1b84efe6b7daf3427921e02e1a8a72915b774282030b9

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age
3000
Cache-Control
max-age=606
Connection
keep-alive
Content-Encoding
gzip
Content-Length
18936
Content-Type
text/html
Date
Sat, 13 Jan 2024 00:11:59 GMT
ETag
W/"6e8658c206797509fe6064c7099fd517"
Expires
Sat, 13 Jan 2024 00:22:05 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:52 GMT
Server
Flashtalking (AKA)
Vary
Accept-Encoding
X-Varnish
435853591 436536512
score.min.js
js.ad-score.com/ Frame FFA8
600 KB
161 KB
Script
General
Full URL
https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2447:c200:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9ecb70a32181d648ffdb7e7502658bfa695a721a07cc0ac3c192d3a8c04dbcd7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Jan 2024 23:53:51 GMT
Content-Encoding
br
Via
1.1 0f9c1f26e53d95127196e190a08a56b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
AMS58-P5
Age
1088
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Fri, 12 Jan 2024 23:53:51 GMT
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Cache-Control
X-Amz-Cf-Id
GAtLS4Ag5mArd_OD9plsp1j_cCpuoHuXszTITRZcgM2-e1Nk6nXzAg==
Expires
Sat, 13 Jan 2024 23:53:51 GMT
ftpagefold_v4.7.2.js
cdn.flashtalking.com/pageFold/ Frame FFA8
17 KB
6 KB
Script
General
Full URL
https://cdn.flashtalking.com/pageFold/ftpagefold_v4.7.2.js
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
04a4ec051482dbeac84bf68c61fe3abc1cd91a21d49527e14521723bd7606d94

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Nov 2022 15:59:45 GMT
Server
Flashtalking (AKA)
ETag
W/"41e1de2061b5162671c94aaf53e51cc1"
Vary
Accept-Encoding
Content-Type
application/javascript
X-Varnish
245816087 241254950
Cache-Control
max-age=32956
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5545
Expires
Sat, 13 Jan 2024 09:21:15 GMT
iconc.png
cdn.flashtalking.com/oba/icon/ Frame FFA8
1 KB
2 KB
Image
General
Full URL
https://cdn.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Last-Modified
Sat, 12 Apr 2014 19:14:32 GMT
Server
Flashtalking (AKA)
ETag
W/"db320ef6f3c45ab5c90887ef618de2bb"
Content-Type
image/png
X-Varnish
511612315 382618673
Cache-Control
max-age=2192916
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1308
Expires
Wed, 07 Feb 2024 09:20:35 GMT
truncated
/ Frame FFA8
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
score.min.js
js.ad-score.com/ Frame 9383
600 KB
161 KB
Script
General
Full URL
https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2447:c200:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9ecb70a32181d648ffdb7e7502658bfa695a721a07cc0ac3c192d3a8c04dbcd7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Jan 2024 23:53:51 GMT
Content-Encoding
br
Via
1.1 ed993f97c00803491d1a75f41b21a784.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
AMS58-P5
Age
1088
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Fri, 12 Jan 2024 23:53:51 GMT
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Cache-Control
X-Amz-Cf-Id
92Yp1pjndZSAlQG-qwUUv-CYGIVYf87vDLw8m7lF9m7kCGKlxWpnyw==
Expires
Sat, 13 Jan 2024 23:53:51 GMT
iconc.png
cdn.flashtalking.com/oba/icon/ Frame 9383
1 KB
2 KB
Image
General
Full URL
https://cdn.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Last-Modified
Sat, 12 Apr 2014 19:14:32 GMT
Server
Flashtalking (AKA)
ETag
W/"db320ef6f3c45ab5c90887ef618de2bb"
Content-Type
image/png
X-Varnish
511612315 382618673
Cache-Control
max-age=2192916
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1308
Expires
Wed, 07 Feb 2024 09:20:35 GMT
ftpagefold_v4.7.2.js
cdn.flashtalking.com/pageFold/ Frame 9383
17 KB
6 KB
Script
General
Full URL
https://cdn.flashtalking.com/pageFold/ftpagefold_v4.7.2.js
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
04a4ec051482dbeac84bf68c61fe3abc1cd91a21d49527e14521723bd7606d94

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Nov 2022 15:59:45 GMT
Server
Flashtalking (AKA)
ETag
W/"41e1de2061b5162671c94aaf53e51cc1"
Vary
Accept-Encoding
Content-Type
application/javascript
X-Varnish
245816087 241254950
Cache-Control
max-age=32956
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5545
Expires
Sat, 13 Jan 2024 09:21:15 GMT
FY22Q1_DC_AcrobatDC_AcrobatDC_de_de_SignMobility-Lifestyle_ST_160x600.jpg
cdn.flashtalking.com/116327/3699647/ Frame 9383
64 KB
65 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/3699647/FY22Q1_DC_AcrobatDC_AcrobatDC_de_de_SignMobility-Lifestyle_ST_160x600.jpg?832602553
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
f2520b4f876b6831eb89b69899b3bd380d9f5e7fffa938478803efc9ba2f38f6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Last-Modified
Wed, 18 Jan 2023 23:47:29 GMT
Server
Flashtalking (AKA)
ETag
W/"4f8e29730b27b891e852a5ac6ca19451"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
67736458
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=826
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
65632
Expires
Sat, 13 Jan 2024 00:25:45 GMT
index.html
cdn.flashtalking.com/116327/4064128/ Frame 35C0
102 KB
19 KB
Document
General
Full URL
https://cdn.flashtalking.com/116327/4064128/index.html
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
01a5e56fa3cc3c923dbb654672ce1c6f2e8592a913deb2efdcc1b43d98d602af

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Access-Control-Max-Age
3000
Cache-Control
max-age=1091
Connection
keep-alive
Content-Encoding
gzip
Content-Length
19200
Content-Type
text/html
Date
Sat, 13 Jan 2024 00:11:59 GMT
ETag
W/"8c17ce268b5b84c9c6ef4d49fbd0eb28"
Expires
Sat, 13 Jan 2024 00:30:10 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:55 GMT
Server
Flashtalking (AKA)
Vary
Accept-Encoding
X-Varnish
472600434
score.min.js
js.ad-score.com/ Frame 61B7
600 KB
161 KB
Script
General
Full URL
https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2447:c200:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9ecb70a32181d648ffdb7e7502658bfa695a721a07cc0ac3c192d3a8c04dbcd7

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 12 Jan 2024 23:53:51 GMT
Content-Encoding
br
Via
1.1 d1867b092f625a3679893299e10edaee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
AMS58-P5
Age
1088
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Fri, 12 Jan 2024 23:53:51 GMT
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Cache-Control
X-Amz-Cf-Id
v3kxt3PWVSaM6-dQy5zAs6KnWRI1YCvz4RhRR6vpJxBqgFt7e2QI2g==
Expires
Sat, 13 Jan 2024 23:53:51 GMT
iconc.png
cdn.flashtalking.com/oba/icon/ Frame 61B7
1 KB
2 KB
Image
General
Full URL
https://cdn.flashtalking.com/oba/icon/iconc.png?EDAA_icon=y
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Last-Modified
Sat, 12 Apr 2014 19:14:32 GMT
Server
Flashtalking (AKA)
ETag
W/"db320ef6f3c45ab5c90887ef618de2bb"
Content-Type
image/png
X-Varnish
511612315 382618673
Cache-Control
max-age=2192916
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1308
Expires
Wed, 07 Feb 2024 09:20:35 GMT
ftpagefold_v4.7.2.js
cdn.flashtalking.com/pageFold/ Frame 61B7
17 KB
6 KB
Script
General
Full URL
https://cdn.flashtalking.com/pageFold/ftpagefold_v4.7.2.js
Requested by
Host: ajs-assets.ftstatic.com
URL: https://ajs-assets.ftstatic.com/ftUtils.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
04a4ec051482dbeac84bf68c61fe3abc1cd91a21d49527e14521723bd7606d94

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:11:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Nov 2022 15:59:45 GMT
Server
Flashtalking (AKA)
ETag
W/"41e1de2061b5162671c94aaf53e51cc1"
Vary
Accept-Encoding
Content-Type
application/javascript
X-Varnish
245816087 241254950
Cache-Control
max-age=32956
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5545
Expires
Sat, 13 Jan 2024 09:21:15 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 2E63
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstrJOc-qwsOQGlMkVt_gt78C5T3JAWxC_79DDcPxPTtU7gF4MSF3ScNhfIrZ0md3XyQ9ykzQOH-jjde4cn7NZ-anBlt1pbOS7aPPDT_ONLTc2hImvqnqc3VIBFACvgiHkbCrqyLB6pmycN695XThsWkapmLyoPzkwEM7JPZSiS8PB33LE9pFNj4y8E2_PqSDvtyMOHNhAYr7c-g9qTiQaqD7srvgGPs-KHMhr-eKJVzXFNNM3sSh9XzvTSzRF2pkvUdkd8MgmjJ1AS3xMVbs-qkTCQVUuYZusFx5qSjwKyjpe6vBjMV8jjePiNxdqRnPtbSW3ivLJFLP06meGmU7AdJ1GgQw4Qlt-6dzsWwe5Vq4vP6s9klhDNrmpwOJ68P7tR90r4zZ_3clcIv3W0giRqsqm9SXNM7U94JEn5Q0m5OxJZ3NCq90TufaLtxgMjdBhHtDYA0uQqCZIPdMZ_U1Oc4t9QLo609DuIXmKDNQ42XIa6F9IBp05pFdHO3KXiwf1mWDItw0DkBFjn5j_IrYlHe9Gm6g4PcrXOP3KsMCnIkuACgWSNl1yWep51zmEZZ6Fpm1gsQD379DA3mQ7iBgVsu3tv0gqibBTb9-uYVpMzbILQHWW7Sk0YcrBHjwluSivDfubPEWCZVa9-q-4MC___aVWQawQqDEFiZKEFyuIXFBEhvARus-MKjV7KYHiDxxI7auUg6CCwwh2JLzVymY8X5xCGvNcU2D6E8cfY4bHt_xiZc3giM-K8e24CoCYCvqkp3xyw9CXVYXKyUhpSEreZCpu27_2_l-MiGhH3Y5NQ7m0ZsoGsmBUWSuubErgLqnqBC7lcqjkU78hpCcQuq-RdMyQeNe7WPkf-24jw97_8Ol3fGJO25GpuZjJLrhXkEEUcBScH40K_-YyQqlTRkCJSfCC_qhcm1y1fI9WuyMvyd71ocXc8pl1tAsHZqxwPBB-wNUljoCmU-a6Adm7HgsB1T08gGN5E1Akj2TclpcSpH4jIxB_y6zQwbJMM63IkaAGwed_dbR1VKbQFgOx18vSeGgfkybYImjAozDRJId3O7PuygmcVeFkS7rqL_WGPExHSUEgPFVCruSy4v1h-ulWNrgH_MFXgRRu4vM-ODPlVPShfhdoK3GDTqMI-3hAb_DecOkUg9ozM489vSScLPUlJk1k7aQ_fQgzrKGxhz&sai=AMfl-YS_OIO7hWqqFtQwDNC4-2Fc3UfEmOGkG3HRzJgp3IQmL2vEk1UyAf928c4qUi9-XWBsYSBol87vgDPFMkrUi9AkzJsqkdWCSj7rfTXAM6b0AWSUbaRqzmseE1UdCyyiLP_h0TNZ5AGDr5O9WVZvAtfZdWtjBqekHsCaJQ&sig=Cg0ArKJSzC88rNYetP8rEAE&cid=CAQSTgAvHhf_UNywO46V03lcJgP2qo-gtoyGwQm_U4Rv1srejGbAQC7LfVIoZUQP0KkoZBfUlwLEKcXAkHPMEPKX3_HqZ6P6aIG_6cKvJ9zXGBgB&id=lidar2&mcvt=1004&p=0,0,280,555&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2869380213&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705104717539&rpt=1070&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 61B7
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
c.gif
www.bing.com/aes/ Frame AF73
Redirect Chain
  • https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=ce3a31b0-b789-4f85-9d5a-1ad966023d3d&bidId=1&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=d7f0d34a-c0ca-4ff5-a4d...
  • https://www.bing.com/aes/c.gif?DI=0&DIS=SB_1-1-0?&RG=786717e8c2714196a1124aedaa1bc021&SNR=1&GV=2&med=10
0
545 B
Image
General
Full URL
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_1-1-0?&RG=786717e8c2714196a1124aedaa1bc021&SNR=1&GV=2&med=10
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H2
Server
2a02:26f0:3500:1b::1724:a392 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 41622F6746DB4EFF9094E6849957ABBF Ref B: FRA31EDGE0118 Ref C: 2024-01-13T00:11:59Z
x-cdn-traceid
0.92a12417.1705104719.2885dfd6
vary
Origin
p3p
CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control
private,no-store
alt-svc
h3=":443"; ma=93600
content-length
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=15724800; includeSubDomains
date
Sat, 13 Jan 2024 00:11:59 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 01DCCFED8C2A469791E16195CF01FC84 Ref B: DUS30EDGE0707 Ref C: 2024-01-13T00:11:59Z
x-cdn-traceid
0.92a12417.1705104719.2885df4d
vary
Origin
content-type
text/html; charset=utf-8
location
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_1-1-0?&RG=786717e8c2714196a1124aedaa1bc021&SNR=1&GV=2&med=10
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=93600
content-length
150
expires
0
th
www.bing.com/ Frame AF73
3 KB
4 KB
Image
General
Full URL
https://www.bing.com/th?id=OAIP.f55fbf3837a594c6dd34019b980c93c9&pid=AdsNative&c=3&w=200&h=105&qlt=90
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:1b::1724:a392 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1c2ab7ad974f039e1d9e0206418b600d8fe76ca710528ebea654eb6da98a23f6

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cdn-traceid
0.92a12417.1705104719.2885df41
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-type
image/jpeg
cache-control
public, max-age=2592000
timing-allow-origin
*
access-control-allow-headers
*
content-length
3298
alt-svc
h3=":443"; ma=93600
rd_log
ams3-ib.adnxs.com/ Frame AF73
0
815 B
Script
General
Full URL
https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwww.babup.com&e=wqT_3QLnA-jnAQAAAwDWAAUBCM6qh60GEOPn3d7D8YLcTxgAKjYJhpLy8z9EmT8ROMHWN0-fmD8ZAAAAoHA98j8hOA0SACkRJNAxAAAA4FG4rj8w2_imAzi1AUC1XkjjA1C6iYq2AVjHsT1gAGifpFR4tPIFgAEBigEDVVNEkgUG8JqYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgC8AbgAqKoMeoCFWh0dHBzOi8vd3d3LmJhYnVwLmNvbYADAIgDAZADAJgDCaADAaoDAMAD2ATIAwDYAwDgAwDoAwD4AwOABACSBAQvdWFwmAQAqAQAsgQMCAAQABgAIAAwADgAuAQAwAQAyAQA2gQCCAHgBAHwBAW9WIgFAZgFAKAFoLOoyO7X3J9AwAUAyQUABQEU8D_SBQkJBQt0AAAA2AUB4AUB8AUI-gUECAAQAJAGAJgGALgGAMEGAR80AADwP9AGwo0E2gYWChAJEhkBAYlg4AYB8gYCCACABwGIBwCgBwHIB7TyBdIHDRVjASYI2gcGAV6kGADgBwDqBwIIAPAHv4MNiggCEACVCAAAgD-YCAHACPAG0ggGCAAQABgA&s=b9929416a0452b863abee4d4aed8e6408859a29c&bdref=https%3A%2F%2Fwww.babup.com%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fwww.babup.com%2F,https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fgdpr%3D0%26client%3Dca-pub-9176521898341909%26output%3Dhtml%26h%3D90%26adk%3D2316120902%26adf%3D3609186151%26pi%3Dt.aa~a.1000136111~rp.4%26w%3D1110%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1705104718%26rafmt%3D1%26to%3Dqs%26pwprc%3D6385710038%26format%3D1110x90%26url%3Dhttps%253A%252F%252Fwww.babup.com%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1705104718671%26bpp%3D1%26bdt%3D1638%26idt%3D-M%26shv%3Dr20240109%26mjsv%3Dm202401080101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db9ef4e70be805f84%253AT%253D1705104717%253ART%253D1705104717%253AS%253DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ%26gpic%3DUID%253D00000d407f719b48%253AT%253D1705104717%253ART%253D1705104717%253AS%253DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ%26prev_fmts%3D0x0%252C1110x280%252C555x280%252C1110x280%26nras%3D2%26correlator%3D2296480671586%26frm%3D20%26pv%3D1%26ga_vid%3D941796147.1705104717%26ga_sid%3D1705104718%26ga_hid%3D1170873792%26ga_fc%3D1%26u_tz%3D60%26u_his%3D3%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D245%26ady%3D2043%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C95320238%252C31080264%252C31080265%252C95320868%252C95321627%26oid%3D2%26psts%3DAOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%252CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg%26pvsid%3D697208698234851%26tmod%3D2074571564%26uas%3D0%26nvt%3D1%26ref%3Dhttps%253A%252F%252Fwww.file-upload.org%252F%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26fsb%3D1%26dtd%3D49,https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fgdpr%3D0%26client%3Dca-pub-9176521898341909%26output%3Dhtml%26h%3D90%26adk%3D2316120902%26adf%3D3609186151%26pi%3Dt.aa~a.1000136111~rp.4%26w%3D1110%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1705104718%26rafmt%3D1%26to%3Dqs%26pwprc%3D6385710038%26format%3D1110x90%26url%3Dhttps%253A%252F%252Fwww.babup.com%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1705104718671%26bpp%3D1%26bdt%3D1638%26idt%3D-M%26shv%3Dr20240109%26mjsv%3Dm202401080101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253Db9ef4e70be805f84%253AT%253D1705104717%253ART%253D1705104717%253AS%253DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ%26gpic%3DUID%253D00000d407f719b48%253AT%253D1705104717%253ART%253D1705104717%253AS%253DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ%26prev_fmts%3D0x0%252C1110x280%252C555x280%252C1110x280%26nras%3D2%26correlator%3D2296480671586%26frm%3D20%26pv%3D1%26ga_vid%3D941796147.1705104717%26ga_sid%3D1705104718%26ga_hid%3D1170873792%26ga_fc%3D1%26u_tz%3D60%26u_his%3D3%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D245%26ady%3D2043%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C95320238%252C31080264%252C31080265%252C95320868%252C95321627%26oid%3D2%26psts%3DAOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%252CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg%26pvsid%3D697208698234851%26tmod%3D2074571564%26uas%3D0%26nvt%3D1%26ref%3Dhttps%253A%252F%252Fwww.file-upload.org%252F%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D5%26uci%3Da!5%26btvi%3D1%26fsb%3D1%26dtd%3D49&
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
an-x-request-uuid
91b7b599-44c5-427a-a44a-585e49eda5dc
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
176.10.106.23; 176.10.106.23; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
AGSKWxWnms1na6oOq895kPA3ygld9t2liL1UN1qdwmcNICbHkVVD-pnbzCn9qWgQEumJfedEo_ccvZKPuSh9yiANho7nfh3C5CZz9ifi-abUQwlcqQdPhl26ljHeFPoGYSfxOZqMOui1kA==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWnms1na6oOq895kPA3ygld9t2liL1UN1qdwmcNICbHkVVD-pnbzCn9qWgQEumJfedEo_ccvZKPuSh9yiANho7nfh3C5CZz9ifi-abUQwlcqQdPhl26ljHeFPoGYSfxOZqMOui1kA==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-aFrCdbjhFA4SoPkLVaZ4Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
script-src 'report-sample' 'nonce-aFrCdbjhFA4SoPkLVaZ4Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.babup.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
fundingchoicesmessages.google.com/el/
0
28 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUaD-6FSzJEqSMXFcJpmXMpnhnlq3iEhXB42sBBmmZegposZ0M3c48_G2OCQHKhm9pV_Kv1mKSnx60OzjdpYz2Z4iL6thTvpVSFTUq6cetBSb3JP0ciSaVuUcEdr5F3hkeD9XC7-Q==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.15mLpzrwLrA.es5.O/am=wA/d=1/rs=AJlcJMz0OyCKxpnFoo527yNpZ51eE3Dj5Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-khG9z3XtS1iH7710ud9r1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.babup.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-security-policy
script-src 'report-sample' 'nonce-khG9z3XtS1iH7710ud9r1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.babup.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
createjs.min.js
code.createjs.com/1.0.0/ Frame 252E
236 KB
63 KB
Script
General
Full URL
https://code.createjs.com/1.0.0/createjs.min.js
Requested by
Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/116327/4064125/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3500:11::215:14cb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=900
x-n
S
accept-ranges
bytes
expires
Sat, 13 Jan 2024 00:26:59 GMT
createjs.min.js
code.createjs.com/1.0.0/ Frame 35C0
236 KB
63 KB
Script
General
Full URL
https://code.createjs.com/1.0.0/createjs.min.js
Requested by
Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/116327/4064128/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3500:11::215:14cb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=900
x-n
S
accept-ranges
bytes
expires
Sat, 13 Jan 2024 00:26:59 GMT
/
ad-events.flashtalking.com/state/7936335;3699647;0;271;0F169571-8E2C-7661-2788-CD30DCBCBA5E/ Frame 9383
0
67 B
Image
General
Full URL
https://ad-events.flashtalking.com/state/7936335;3699647;0;271;0F169571-8E2C-7661-2788-CD30DCBCBA5E/?cachebuster=418216464
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.79.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-79-60.eu-central-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
server
awselb/2.0
content-length
0
content-type
text/plain; charset=utf-8
ft.stat
stat.flashtalking.com/reportV3/ Frame 9383
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936335;3699647;0-304-0-0-768792048
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:11:59 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:11:59 GMT
/
ad-events.flashtalking.com/state/7936335;4064125;0;271;9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB/ Frame FFA8
0
66 B
Image
General
Full URL
https://ad-events.flashtalking.com/state/7936335;4064125;0;271;9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB/?cachebuster=327076964
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.79.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-79-60.eu-central-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:11:59 GMT
server
awselb/2.0
content-length
0
content-type
text/plain; charset=utf-8
ft.stat
stat.flashtalking.com/reportV3/ Frame FFA8
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936335;4064125;0-304-0-0-169114914
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:11:59 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:11:59 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 01A2
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
53909
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 12 Jan 2024 09:13:30 GMT
etag
48472445140208031
expires
Sat, 13 Jan 2024 09:13:30 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame AF73
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7c601baf5b9737f0d9bf8c25573ffb9687e9b4b60d067b96789fade536460af9

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
vevent
ams3-ib.adnxs.com/ Frame AF73
0
838 B
Ping
General
Full URL
https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.babup.com&e=wqT_3QKOB-iOAwAAAwDWAAUBCM6qh60GEOPn3d7D8YLcTxgAKjYJhpLy8z9EmT8ROMHWN0-fmD8ZAAAAoHA98j8hOA0SACkRJNAxAAAA4FG4rj8w2_imAzi1AUC1XkjjA1C6iYq2AVjHsT1gAGifpFR4tPIFgAEBigEDVVNEkgUG8FuYAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2ALwBuACoqgx6gIVaHR0cHM6Ly93d3cuYmFidXAuY29tgAMAiAMBkAMAmAMJoAMBqgOkAwq-Amh0dBkrCGluZwEq8HUvYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9ZDdmMGQzNGEtYzBjYS00ZmY1LWE0ZDEtZjkzYjAyOTU4NzcwJmJpZElkPTEmYmlkZGVySWQ9NCZjbUV4cElkPUxWMyZvQWRVHVgYcHVibGlzaAUpKDE2MjY0NTMzMCZynm0AuHJ0eXBlPW51cmwmdGFnSWQ9NjkyOTQ5OSZ0cmFmZmljR3JvdXA9a25hcWVfM2MmDRYIU3ViCRkYenpmJTNBaw0f9A4BX2ZhZV9xdmVycGcmYWlkPSR7QVVDVElPTl9JRH0SBTEyMDg1GhM1NzQ0MzU0MDIxNjM4MzcwMjc1IgkzODE4NDY3MTQqBGJpbmc6NFUyVmhjbU5vUVdRak56STVNVEUzTURVeE1qazJOallqTnpJNU1USXhOemMxTWpZNU9EZz3AA9gEyAMA2AMA4AMA6AMA-AMDgAQAkgQEL3VhcJgEAKgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQB8AS6iYq2AYgFAZgFAKAFoLOoyO7X3J9AwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFCPoFBAgAEACQBgCYBgC4BgDBBgkhLPA_0AbCjQTaBhYKEAkSGQF0EAAYAOAGAfIGAggAgAcBiAcAoAcByAe08gXSBw0JESgBJgzaBwYIBQmo4AcA6gcCCADwB7-DDYoIAhAAlQgAAIA_mAgBwAjwBtIICQj___8_EAIYAA..&s=0e58c1ac00e823253829d06a53d699529e961192&type=nv&nvt=5&jm=1003&px=191&py=0&bw=182&bh=90&sid=1118588961972901431&vd=ct~0|rr~0&sv=240&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=6929499&sw=1600&sh=1200&pw=1110&ph=90&ww=1110&wh=90&ft=3
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/240/trk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
an-x-request-uuid
7a94aad9-2905-4c90-899a-ea551522f25b
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://googleads.g.doubleclick.net
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
176.10.106.23; 176.10.106.23; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
cors
data.ad-score.com/data/ Frame 61B7
60 B
618 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=16acee4b0292ff19e0889f33&pm_pl=1705104719823&pm_td=12&pid=1000941&en=1.1&callback=__pm_glbl_0Zsh2ckDe0A1S0xc0MFVb8WV._gc1&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
a7fc9ee416596170d950c501af69ae5850c3d56bbd226f14290868a391b505da

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Age
0
Access-Control-Allow-Methods
POST
P3p
CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Content-Type
text/plain; charset=utf-8
Cache-Control
post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
60
truncated
/ Frame 45FC
266 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 61B7
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
cors
data.ad-score.com/data/ Frame FFA8
60 B
618 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=62f1e5d0356a6280905fbd17&pm_pl=1705104720009&pm_td=11&pid=1000941&en=1.1&callback=__pm_glbl_YmuIfjKoWdTrQ8NBkU4KuZDq._gc1&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
a515516d68036c9f5f24efbee62770ad695f16301162cb6bc6470a2a4023f90c

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Age
0
Access-Control-Allow-Methods
POST
P3p
CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Content-Type
text/plain; charset=utf-8
Cache-Control
post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
60
truncated
/ Frame FFA8
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 3F2C
266 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

Referer

Response headers

Content-Type
image/svg+xml
cors
data.ad-score.com/data/ Frame 9383
60 B
618 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=94ae7288809da76786f32bc4&pm_pl=1705104720184&pm_td=10&pid=1000941&en=1.1&callback=__pm_glbl_qDYvm72kY6Lj4iYO2bWJPC0W._gc1&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
850d2651d8bfe91f062a36b5358485eadb067681ef7e8aba1dacc422e8fdc3eb

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Age
0
Access-Control-Allow-Methods
POST
P3p
CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Content-Type
text/plain; charset=utf-8
Cache-Control
post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
60
truncated
/ Frame 9383
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 24BD
266 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

Referer

Response headers

Content-Type
image/svg+xml
/
ad-events.flashtalking.com/state/7936214;4064128;0;271;26446FA9-D1C2-7DB5-0A66-DE4901A6F62F/ Frame 61B7
0
66 B
Image
General
Full URL
https://ad-events.flashtalking.com/state/7936214;4064128;0;271;26446FA9-D1C2-7DB5-0A66-DE4901A6F62F/?cachebuster=229190951
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.79.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-79-60.eu-central-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:12:00 GMT
server
awselb/2.0
content-length
0
content-type
text/plain; charset=utf-8
ft.stat
stat.flashtalking.com/reportV3/ Frame 61B7
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936214;4064128;0-304-0-0-341371650
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:12:00 GMT
34c17312-94b8-46a0-b580-050b8780d822
https://googleads.g.doubleclick.net/ Frame 61B7
720 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/34c17312-94b8-46a0-b580-050b8780d822
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2ec07a6e77bc3abc56f801e141e9889c018ca8e96dfbe4042f49378699ee85f

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
720
Content-Type
application/javascript
a99049af-be5b-44f6-828f-a051efa1750e
https://googleads.g.doubleclick.net/ Frame 61B7
725 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/a99049af-be5b-44f6-828f-a051efa1750e
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb32ef70baf6f49f09b1fe50f680f2217d8fc8021f2b91beaabb96f6d582c96b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
725
Content-Type
text/javascript
ft.stat
stat.flashtalking.com/reportV3/ Frame 9383
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936335;3699647;0-306-0-0-820471043
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:12:00 GMT
ft.stat
stat.flashtalking.com/reportV3/ Frame FFA8
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936335;4064125;0-306-0-0-382288901
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:12:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame AF73
0
19 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CW6arTtWhZbrEMe2gi9YPkfyG4AjS4Nfgbo-ktpOTCsCNtwEQASAAYPUFggEXY2EtcHViLTkxNzY1MjE4OTgzNDE5MDnIAQmoAwHIAwKqBL0BT9A0II2eDYYH2_r4EefUQ3U3DAeWphFlT0uDIGVUCkMBJFLdDTmDl62t_l0jEhZYNh4YvByR59nFRcY2bmNB2yZhEy8VsF1Tv2cuJxRwJIeBeCdvsSED0Vjaq9kzUOtYnbM3MpQxj_Ez9MwYU0h9N3QltDRToPyxvlzricOhMMIvvwXGrgyelKTyiRxZv_DmIIgkh0cLOy8crthZn17HQMzww49olTjCUzL6o9gQEdNBZ3NVVfC2-O3iurTTgAbA0p-GyLix-PEBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiAYRABMgKKAjoEgECAQEi9_cE6WIbvwoiK2YMDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTkxNzY1MjE4OTgzNDE5MDkYAA&sigh=bN1PDIWJV6c&uach_m=%5BUACH%5D&cid=CAQSPAAvHhf_5oGgrHwnyL68wXGLXBVna8HYamQ9eMVgtT4jxFY8rnOpU3PtsHtYr6uWL6z15p5UPvb1rk1d_RgB&cbvp=2&vis=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Sat, 13 Jan 2024 00:12:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
it
ams3-ib.adnxs.com/ Frame AF73
0
813 B
Image
General
Full URL
https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwww.babup.com&e=wqT_3QKOB-iOAwAAAwDWAAUBCM6qh60GEOPn3d7D8YLcTxgAKjYJhpLy8z9EmT8ROMHWN0-fmD8ZAAAAoHA98j8hOA0SACkRJNAxAAAA4FG4rj8w2_imAzi1AUC1XkjjA1C6iYq2AVjHsT1gAGifpFR4tPIFgAEBigEDVVNEkgUG8FuYAdgFoAFaqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2ALwBuACoqgx6gIVaHR0cHM6Ly93d3cuYmFidXAuY29tgAMAiAMBkAMAmAMJoAMBqgOkAwq-Amh0dBkrCGluZwEq8HUvYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9ZDdmMGQzNGEtYzBjYS00ZmY1LWE0ZDEtZjkzYjAyOTU4NzcwJmJpZElkPTEmYmlkZGVySWQ9NCZjbUV4cElkPUxWMyZvQWRVHVgYcHVibGlzaAUpKDE2MjY0NTMzMCZynm0AuHJ0eXBlPW51cmwmdGFnSWQ9NjkyOTQ5OSZ0cmFmZmljR3JvdXA9a25hcWVfM2MmDRYIU3ViCRkYenpmJTNBaw0f9A4BX2ZhZV9xdmVycGcmYWlkPSR7QVVDVElPTl9JRH0SBTEyMDg1GhM1NzQ0MzU0MDIxNjM4MzcwMjc1IgkzODE4NDY3MTQqBGJpbmc6NFUyVmhjbU5vUVdRak56STVNVEUzTURVeE1qazJOallqTnpJNU1USXhOemMxTWpZNU9EZz3AA9gEyAMA2AMA4AMA6AMA-AMDgAQAkgQEL3VhcJgEAKgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQB8AS6iYq2AYgFAZgFAKAFoLOoyO7X3J9AwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFCPoFBAgAEACQBgCYBgC4BgDBBgkhLPA_0AbCjQTaBhYKEAkSGQF0EAAYAOAGAfIGAggAgAcBiAcAoAcByAe08gXSBw0JESgBJgzaBwYIBQmo4AcA6gcCCADwB7-DDYoIAhAAlQgAAIA_mAgBwAjwBtIICQj___8_EAIYAA..&s=0e58c1ac00e823253829d06a53d699529e961192&pp=ZaHVTgAMYjoEwtBtAAG-ER4eAK8VVLF7fN2OvA&ppt=1&pubclick=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCm-AYTtWhZbrEMe2gi9YPkfyG4AjS4Nfgbo-ktpOTCsCNtwEQASAAYPUFggEXY2EtcHViLTkxNzY1MjE4OTgzNDE5MDnIAQmoAwHIAwKqBMABT9A0II2eDYYH2_r4EefUQ3U3DAeWphFlT0uDIGVUCkMBJFLdDTmDl62t_l0jEhZYNh4YvByR59nFRcY2bmNB2yZhEy8VsF1Tv2cuJxRwJIeBeCdvsSED0Vjaq9kzUOtYnbM3MpQxj_Ez9MwYU0h9N3QltDRToPyxvlzricOhMMIvvwXGrgyelKTyiRxZv_DmIIgkh0cLO20ej0qbO6Sq1DaEdhExEY7GcDh-qvYIyHHHPvfp1dqa4C1jWNlHyCSLgAbA0p-GyLix-PEBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiAYRABMgKKAjoEgECAQEi9_cE6WIbvwoiK2YMD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0b8SGXTq1GrIF4dMQqBbYXyqWjHg%26client%3Dca-pub-9176521898341909%26adurl%3D&cbvp=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
an-x-request-uuid
b64675aa-5e39-473b-abd7-bc95a1184a33
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
176.10.106.23; 176.10.106.23; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 01A2
Redirect Chain
  • https://aep.mxptint.net/sn.ashx?google_gid=CAESEJLvIECpcM0CATC0KhEICo0&google_cver=1&google_push=AXcoOmRwdHFuTA-DIt5poz7KfFBFK_Et5_M1hYjE2HU43JRCRkQ9a7g7I_n60gM7wzW1op9pbb2WIJYF8n3wVOPBcRg3vaQCNL5J...
  • https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmRwdHFuTA-DIt5poz7KfFBFK_Et5_M1hYjE2HU43JRCRkQ9a7g7I_n60gM7wzW1op9pbb2WIJYF8n3wVOPBcRg3vaQCNL5Jgp59a8V1RuLJt96RBM4JqjmzU7m...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmRwdHFuTA-DIt5poz7KfFBFK_Et5_M1hYjE2HU43JRCRkQ9a7g7I_n60gM7wzW1op9pbb2WIJYF8n3wVOPBcRg3vaQCNL5Jgp59a8V1RuLJt96RBM4JqjmzU7mgQey2MfPyxJA2hxv22otrrWA3Nt2hew&google_hm=UjM1Q0E5XzEwRjMyOUE3Rl84QjhENzNCMg%3D%3D
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmRwdHFuTA-DIt5poz7KfFBFK_Et5_M1hYjE2HU43JRCRkQ9a7g7I_n60gM7wzW1op9pbb2WIJYF8n3wVOPBcRg3vaQCNL5Jgp59a8V1RuLJt96RBM4JqjmzU7mgQey2MfPyxJA2hxv22otrrWA3Nt2hew&google_hm=UjM1Q0E5XzEwRjMyOUE3Rl84QjhENzNCMg%3D%3D
Date
Sat, 13 Jan 2024 00:12:00 GMT
Cache-Control
private
Strict-Transport-Security
max-age=-388109520; includeSubDomains
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
404
Content-Type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 01A2
Redirect Chain
  • https://beacon.walmart.com/etap.gif?tap=gAds&google_gid=CAESELUurQLxj04gv3srbMUkU0E&google_cver=1&google_push=AXcoOmRR9iJ6qsti4BEEkWQzPLa8nXcWIYB-devFMGOwn_FfjtkVn082Gm6YmXBr2Lh3_YhyEQa8P9n2kngSrph...
  • https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=YeffSlFlUUXv-s_Vd-jTfg&tap=gAds&google_gid=CAESELUurQLxj04gv3srbMUkU0E&google_cver=1&google_push=AXcoOmRR9iJ6qsti4BEEkWQzPLa8nXcWIYB-...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=YeffSlFlUUXv-s_Vd-jTfg&tap=gAds&google_gid=CAESELUurQLxj04gv3srbMUkU0E&google_cver=1&google_push=AXcoOmRR9iJ6qsti4BEEkWQzPLa8nXcWIYB-devFMGOwn_FfjtkVn082Gm6YmXBr2Lh3_YhyEQa8P9n2kngSrphVJM4VyFTyCehkBiazXE2EHA8phebJvV6aOCuf_-TdTRf2Rt4Xy-YkpA2sX3C0xp-rWZjArQ
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Via
HTTP/1.1 odnd
Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 06 Dec 2023 07:21:35 GMT
Content-Type
text/plain; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=walmart&google_hm=YeffSlFlUUXv-s_Vd-jTfg&tap=gAds&google_gid=CAESELUurQLxj04gv3srbMUkU0E&google_cver=1&google_push=AXcoOmRR9iJ6qsti4BEEkWQzPLa8nXcWIYB-devFMGOwn_FfjtkVn082Gm6YmXBr2Lh3_YhyEQa8P9n2kngSrphVJM4VyFTyCehkBiazXE2EHA8phebJvV6aOCuf_-TdTRf2Rt4Xy-YkpA2sX3C0xp-rWZjArQ
Cache-Control
no-store, no-cache, must-revalidate
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
0
X-Tb
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
asr
aid.send.microad.jp/g/ Frame 01A2
43 B
641 B
Image
General
Full URL
https://aid.send.microad.jp/g/asr?google_gid=CAESEMT0FwbDGjajPrWjEsczxSc&google_cver=1&google_push=AXcoOmQHSHNYjOSMGxac2SW78gUpgMsOa50xUfL0dSr_f3z3wUpMGdcHcfKDUsCbEFu7cxSAtEg_Ir22-_51dxoZNZdl5iQtc9nEnKRcSYCB8ibk6gRrpdW-jVfn98tp19Os6PSmeKEM18GYHxtHirl90ausyV8
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.233.84.1 -, , ASN (),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=3600

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:01 GMT
Strict-Transport-Security
max-age=3600
Server
Apache
P3P
policyref="http://www.microad.jp/w3c/p3p.xml",CP="NOI DSP COR NID DEVo PSAo OUR STP STA PRE"
Access-Control-Allow-Origin
*
Content-Type
image/gif
Connection
close
Access-Control-Allow-Headers
origin, x-requested-with, If-Modified-Since, content-type, Pragma, Cache-Control
Content-Length
43
pixel
cm.g.doubleclick.net/ Frame 01A2
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEPq1Wnw5ksDc9kaLUecsWcU&google_cver=1&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19...
  • https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEPq1Wnw5ksDc9kaLUecsWcU&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19Fzpbv2-y_NvpH_iYj1ool4_Hzd73yy0_p_yt3HVQekU7Qf...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19Fzpbv2-y_NvpH_iYj1ool4_Hzd73yy0_p_yt3HVQekU7QfjsMQPlEtb5kp-tuLHNGko_bK5W6g&google_hm=eEdPbFRZR1p6RkJkS1hzOGxIbDk=
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmQIGTyoam0QSWprkFYpKzg1HYp3tXVdro3P5Ixxxv_XdR3aKqy033FmKha7zvY-FOhaDgwO8uXVh9m19Fzpbv2-y_NvpH_iYj1ool4_Hzd73yy0_p_yt3HVQekU7QfjsMQPlEtb5kp-tuLHNGko_bK5W6g&google_hm=eEdPbFRZR1p6RkJkS1hzOGxIbDk=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
295
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 01A2
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEIm-Fg98JcOJdJB_KxXHF1U&google_cver=1&google_push=AXcoOmSSadZsyJZkmya0RA3Uv4toESV5-BRWgg-VzlBnw4vhwm5NN_JQj7wl21UTJVHHHcVh9MRCSbw5U4AgYqo...
  • https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=kH8GmqA1X0l1b9rZNdpIFrAKahc&google_push=AXcoOmSSadZsyJZkmya0RA3Uv4toESV5-BRWgg-VzlBnw4vhwm5NN_JQj7wl21UTJVHHHcVh9MRCSbw5U4AgYq...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=kH8GmqA1X0l1b9rZNdpIFrAKahc&google_push=AXcoOmSSadZsyJZkmya0RA3Uv4toESV5-BRWgg-VzlBnw4vhwm5NN_JQj7wl21UTJVHHHcVh9MRCSbw5U4AgYqoOVtsNDAyAVwu4x1JRpNQPUFXCplU3P1sjuokCidrfHwCa-AosxzP43eHcf1o_Gy7XIczQ5kI
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=kH8GmqA1X0l1b9rZNdpIFrAKahc&google_push=AXcoOmSSadZsyJZkmya0RA3Uv4toESV5-BRWgg-VzlBnw4vhwm5NN_JQj7wl21UTJVHHHcVh9MRCSbw5U4AgYqoOVtsNDAyAVwu4x1JRpNQPUFXCplU3P1sjuokCidrfHwCa-AosxzP43eHcf1o_Gy7XIczQ5kI
Date
Sat, 13 Jan 2024 00:12:00 GMT
Connection
keep-alive
Content-Length
301
Content-Type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 01A2
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEKeGrS_FZeBgqh9WY_OwesE&google_cver=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fec73QoO5aytWolhyrI8wzYd...
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEKeGrS_FZeBgqh9WY_OwesE&google_cver=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fec73QoO5aytWolhyr...
  • https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=Sin7ACeFR_qpRdwPNl7e_Q==&no_redirect=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fe...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=Sin7ACeFR_qpRdwPNl7e_Q==&no_redirect=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fec73QoO5aytWolhyrI8wzYdhUD37r9EnIU2w1tpJN74gopWoHKDPIAV_CUVW3WmF85WGXWQLEt6vOctnzQHaIhP0UWetAQYVO_ahwCYgI3v
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
//cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=Sin7ACeFR_qpRdwPNl7e_Q==&no_redirect=1&google_push=AXcoOmTtmTpiAsMC-i_BRojweil6NN6E_01pnr0gmtT2Ow3YyTv3Fec73QoO5aytWolhyrI8wzYdhUD37r9EnIU2w1tpJN74gopWoHKDPIAV_CUVW3WmF85WGXWQLEt6vOctnzQHaIhP0UWetAQYVO_ahwCYgI3v
Date
Sat, 13 Jan 2024 00:12:01 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 01A2
Redirect Chain
  • https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESECcJcpxiqIOnBqkAX4JTHVI&google_cver=1&google_push=AXcoOmT_l7ye0OHuY0Cuz2CgcgwRTuQcaAV8HhkRq5SA3FAL5qMsJvDZS4ogm77Dci...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT_l7ye0OHuY0Cuz2CgcgwRTuQcaAV8HhkRq5SA3FAL5qMsJvDZS4ogm77Dci0q4mS8ukA6i5WpnOuiwL7r6FjvoCyrlfBarllsShE0oGocza...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT_l7ye0OHuY0Cuz2CgcgwRTuQcaAV8HhkRq5SA3FAL5qMsJvDZS4ogm77Dci0q4mS8ukA6i5WpnOuiwL7r6FjvoCyrlfBarllsShE0oGoczays-onLGgqYrBrqAvo5r6jT4rPoEFVngVFFn-V-d47cS48O&google_hm=R4zQzqvSR8yIDyOQGWJCPxc
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:11:59 GMT
via
1.1 google
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CUR OUR NOR"
status
302
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmT_l7ye0OHuY0Cuz2CgcgwRTuQcaAV8HhkRq5SA3FAL5qMsJvDZS4ogm77Dci0q4mS8ukA6i5WpnOuiwL7r6FjvoCyrlfBarllsShE0oGoczays-onLGgqYrBrqAvo5r6jT4rPoEFVngVFFn-V-d47cS48O&google_hm=R4zQzqvSR8yIDyOQGWJCPxc
content-type
text/html;charset=UTF-8
cache-control
no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 01A2
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K54r8InUsylxICMrf1df03Dl1Pdg5UchrK6kVBp4_J8BCMF4NfQxIvIu7GhbfyJukGB1wCGHM
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9176521898341909&output=html&h=90&adk=2316120902&adf=3609186151&pi=t.aa~a.1000136111~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1705104718&rafmt=1&to=qs&pwprc=6385710038&format=1110x90&url=https%3A%2F%2Fwww.babup.com%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705104718671&bpp=1&bdt=1638&idt=-M&shv=r20240109&mjsv=m202401080101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Db9ef4e70be805f84%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ&gpic=UID%3D00000d407f719b48%3AT%3D1705104717%3ART%3D1705104717%3AS%3DALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ&prev_fmts=0x0%2C1110x280%2C555x280%2C1110x280&nras=2&correlator=2296480671586&frm=20&pv=1&ga_vid=941796147.1705104717&ga_sid=1705104718&ga_hid=1170873792&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2043&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C95320238%2C31080264%2C31080265%2C95320868%2C95321627&oid=2&psts=AOrYGsk_hnJ7AgEmEdwPmBrfgfJ6lNUtHTsWAt-flQWDFHUo7pC7G6jI6RYokfg1Yu37XcVeY5kAtMpbdVZz9BqqeZXVkvU7%2CAOrYGski6pIu96nWe9JkFP_5inCJDVp5IzErrWmnG33GlUxh8yUyWXydSKnoGArsl0gkJ2Mv07YbGnqyr77aAqodQAKLNg&pvsid=697208698234851&tmod=2074571564&uas=0&nvt=1&ref=https%3A%2F%2Fwww.file-upload.org%2F&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=49
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:12:00 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
617d3deb-2a95-4384-bddb-fdb794f6b9f3
https://googleads.g.doubleclick.net/ Frame FFA8
720 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/617d3deb-2a95-4384-bddb-fdb794f6b9f3
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2ec07a6e77bc3abc56f801e141e9889c018ca8e96dfbe4042f49378699ee85f

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
720
Content-Type
application/javascript
b0863a3b-3e18-4114-95cc-a3547eb60d06
https://googleads.g.doubleclick.net/ Frame FFA8
725 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/b0863a3b-3e18-4114-95cc-a3547eb60d06
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb32ef70baf6f49f09b1fe50f680f2217d8fc8021f2b91beaabb96f6d582c96b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
725
Content-Type
text/javascript
7598441a-db72-49d8-b2af-2812086272e0
https://googleads.g.doubleclick.net/ Frame 9383
720 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/7598441a-db72-49d8-b2af-2812086272e0
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2ec07a6e77bc3abc56f801e141e9889c018ca8e96dfbe4042f49378699ee85f

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
720
Content-Type
application/javascript
cde07614-ba64-42f5-a012-621d9866643c
https://googleads.g.doubleclick.net/ Frame 9383
725 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/cde07614-ba64-42f5-a012-621d9866643c
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb32ef70baf6f49f09b1fe50f680f2217d8fc8021f2b91beaabb96f6d582c96b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
725
Content-Type
text/javascript
gen_204
pagead2.googlesyndication.com/pagead/ Frame FFA8
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2392405010549&version=m202309260101&ct=77&x=1&cor=1806302508290720000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 61B7
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0UAx906kr3djahFZrjM_uX_w8LjYan9PppudRNpCGHONxEBOro0MYfw8wtHVDJ9tjumpZqVh2-vjwkRT2Dy6-5B4oBuVDRZjcTwSDnnWDiwRkW7AoYCw8qUtPVByz4M6PzHTNlJRpfu9pFiMXVNjXHfal&sai=AMfl-YR5EPiE5UuycAzw8oloG_DIemKJzQUlPiy3W9rIYtkgDad-PswswgzhKnLqptx989FV2SfVflm4ramQVguJsgERNxrKolOEkhPQ4DqiFWE9ExMqZ7g9W--7sBecalR9Hv7XD_Iqzp_UuDdwVjTfsg&sig=Cg0ArKJSzMBG5WHYUl5wEAE&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&id=lidar2&mcvt=1236&p=0,0,90,728&mtos=759,1236,1236,1236,1236&tos=759,477,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705104718841&rpt=426&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9383
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3760297210361&version=m202309260101&ct=77&x=1&cor=4923925234655077000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 61B7
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1241491285501&version=m202309260101&ct=77&x=1&cor=1927283169535446500
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame FFA8
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuP38qwt-icTQL5ZfQSGQ3KYu4zgYSs9oSbrmSnYiXNyoVM-ZpYrFvHE0CHrDzWNMt4gJdeGAutpMamwOH1aqF-Z6TMATOFERr3AuUiB9RMBhK78DvgDtbYOXU0XHh-rSy43kD_GFk08eooqW22hrOE4FnE&sai=AMfl-YRfZY0cL1Qxyr_lKF7bLgn_k7Z6p2synMZ7bgBOkVcsNYn6R3IGPshZJwYRw_4eDFqvYdn7BT8hnIkJBHL4plWM8ZEmdd8KLzbtqhQBtJ3YLI7Xm8lJwkInCMJKe5nkp3KAf-M0UtrhuBkfs37cBw&sig=Cg0ArKJSzGUaa8FpVsnbEAE&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&id=lidar2&mcvt=1230&p=0,0,600,160&mtos=1230,1230,1230,1230,1230&tos=1230,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705104718775&rpt=463&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9383
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss1vm_rAS1nrNZHvtv9f2z1yJ9RsmiMhJxs8lEwz9ihXzCP4U2gbyNqgqMABJuuhec7pZZcK59tk7YKXzxY2nuor1YmLttm_qRKrrJp3FmC6GzyV3Wiobu3GtKuNtj4mtUbI2CBXZwpoasOdXWBhCzKHEsI&sai=AMfl-YTByB3L65g-2dxkB6k0BLqYXhtsrAzDTyF9Xm536Zedzuv5MqPxHkCdMuUqWZJiV-A-b9Y-ip7cBuvTBPfS_YvpTmokTslaLc4dn2FFgMF69geju7tCoKivBBY1skIE-cabNwGj27umPNOzPLVpoQ&sig=Cg0ArKJSzNlHJ0jtgkOtEAE&cid=CAQSTwAvHhf_1A0dsUSY6PTxmZ0kHfY6vU6MLaEusAnyUFbIl5WQwj7gZjOpblex61IFN95TtTc6zxr1CRL32dISExL_YSwF4-hDvjW7Tbc0vn4YAQ&id=lidar2&mcvt=1215&p=0,0,600,160&mtos=1215,1215,1215,1215,1215&tos=1215,0,0,0,0&v=20240110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705104718784&rpt=470&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 13 Jan 2024 00:12:00 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
779fa9d7-c35b-49a6-99db-1d4cd5e95ede
https://googleads.g.doubleclick.net/ Frame FFA8
288 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/779fa9d7-c35b-49a6-99db-1d4cd5e95ede
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
97bf326860f50a3e48b937a395da44fb697f230259b45d63cca9dcd24fddb243

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
288
Content-Type
text/javascript
2d43ffc8-4ab0-43ba-8388-9224d29fe69d
https://googleads.g.doubleclick.net/ Frame 9383
288 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/2d43ffc8-4ab0-43ba-8388-9224d29fe69d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
97bf326860f50a3e48b937a395da44fb697f230259b45d63cca9dcd24fddb243

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
288
Content-Type
text/javascript
62fa4cad-f0de-4897-9dd2-5103cdfe00ac
https://googleads.g.doubleclick.net/ Frame 61B7
288 B
0
Other
General
Full URL
blob:https://googleads.g.doubleclick.net/62fa4cad-f0de-4897-9dd2-5103cdfe00ac
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
97bf326860f50a3e48b937a395da44fb697f230259b45d63cca9dcd24fddb243

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
288
Content-Type
text/javascript
acrobat_create_2.jpg
cdn.flashtalking.com/116327/4064128/images/ Frame 35C0
8 KB
9 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064128/images/acrobat_create_2.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
27d8c907e21a0c80cfd4cf4a59f2601ed2562b989f07cbb0a5939d970152439e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064128/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:54 GMT
Server
Flashtalking (AKA)
ETag
W/"ec3e2fd7c6d74647cdf19a16bac59a6a"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
133212482
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=1090
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8322
Expires
Sat, 13 Jan 2024 00:30:10 GMT
acrobat_create_2.jpg
cdn.flashtalking.com/116327/4064125/images/ Frame 252E
8 KB
9 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064125/images/acrobat_create_2.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
27d8c907e21a0c80cfd4cf4a59f2601ed2562b989f07cbb0a5939d970152439e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064125/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:52 GMT
Server
Flashtalking (AKA)
ETag
W/"ec3e2fd7c6d74647cdf19a16bac59a6a"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
508250815
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=607
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8322
Expires
Sat, 13 Jan 2024 00:22:07 GMT
cors
data.ad-score.com/data/ Frame 61B7
1 B
283 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=16acee4b0292ff19e0889f33&pm_pl=1705104719823&pm_td=774&pid=1000941&en=1.1&callback=__pm_glbl_0Zsh2ckDe0A1S0xc0MFVb8WV._gc2&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Date
Sat, 13 Jan 2024 00:12:00 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=utf-8
cors
data.ad-score.com/data/ Frame FFA8
1 B
283 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=62f1e5d0356a6280905fbd17&pm_pl=1705104720009&pm_td=591&pid=1000941&en=1.1&callback=__pm_glbl_YmuIfjKoWdTrQ8NBkU4KuZDq._gc2&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Date
Sat, 13 Jan 2024 00:12:00 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=utf-8
cors
data.ad-score.com/data/ Frame 9383
1 B
283 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=94ae7288809da76786f32bc4&pm_pl=1705104720184&pm_td=419&pid=1000941&en=1.1&callback=__pm_glbl_qDYvm72kY6Lj4iYO2bWJPC0W._gc2&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Date
Sat, 13 Jan 2024 00:12:00 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=utf-8
consumer-privacy-logo.png
secure.flashtalking.com/oba/icon/ Frame FFA8
6 KB
6 KB
Image
General
Full URL
https://secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Thu, 11 Feb 2021 15:39:51 GMT
Server
Flashtalking (AKA)
ETag
W/"d675694ab4d4d2eb56cca854c25d9c36"
Content-Type
image/png
X-Varnish
69423302 69718121
Cache-Control
max-age=922
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5953
Expires
Sat, 13 Jan 2024 00:27:22 GMT
consumer-privacy-logo.png
secure.flashtalking.com/oba/icon/ Frame 9383
6 KB
6 KB
Image
General
Full URL
https://secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Thu, 11 Feb 2021 15:39:51 GMT
Server
Flashtalking (AKA)
ETag
W/"d675694ab4d4d2eb56cca854c25d9c36"
Content-Type
image/png
X-Varnish
69423302 69718121
Cache-Control
max-age=922
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5953
Expires
Sat, 13 Jan 2024 00:27:22 GMT
consumer-privacy-logo.png
secure.flashtalking.com/oba/icon/ Frame 61B7
6 KB
6 KB
Image
General
Full URL
https://secure.flashtalking.com/oba/icon/consumer-privacy-logo.png
Requested by
Host: www.file-upload.org
URL: https://www.file-upload.org/y5lr3w1ctduh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Thu, 11 Feb 2021 15:39:51 GMT
Server
Flashtalking (AKA)
ETag
W/"d675694ab4d4d2eb56cca854c25d9c36"
Content-Type
image/png
X-Varnish
69423302 69718121
Cache-Control
max-age=922
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5953
Expires
Sat, 13 Jan 2024 00:27:22 GMT
acrobat_screen_large_2_DE.jpg
cdn.flashtalking.com/116327/4064125/images/ Frame 252E
31 KB
31 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064125/images/acrobat_screen_large_2_DE.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
3358a3e45079f971cfbbb667ea10217a07e6e8e1b8021a040a855ba5681e3183

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064125/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:52 GMT
Server
Flashtalking (AKA)
ETag
W/"914f327625691df42bd6a5370fe03ba5"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
339672263 338965831
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=607
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31232
Expires
Sat, 13 Jan 2024 00:22:07 GMT
acrobat_screen_large_2_DE.jpg
cdn.flashtalking.com/116327/4064128/images/ Frame 35C0
31 KB
31 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064128/images/acrobat_screen_large_2_DE.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
3358a3e45079f971cfbbb667ea10217a07e6e8e1b8021a040a855ba5681e3183

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064128/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:55 GMT
Server
Flashtalking (AKA)
ETag
W/"914f327625691df42bd6a5370fe03ba5"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
322302327
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=1090
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31232
Expires
Sat, 13 Jan 2024 00:30:10 GMT
Image2.png
cdn.flashtalking.com/116327/4064128/images/ Frame 35C0
3 KB
3 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064128/images/Image2.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
c4e92296a73b7f2bba6c53ef121a0bcff7c1e6356c7e67342b12b4cbd0b537b3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064128/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:54 GMT
Server
Flashtalking (AKA)
ETag
W/"4c67e4026722bd6d0daea7eb2f8aa42c"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
277192352 276265958
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=1090
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2659
Expires
Sat, 13 Jan 2024 00:30:10 GMT
Image2.png
cdn.flashtalking.com/116327/4064125/images/ Frame 252E
3 KB
3 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064125/images/Image2.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
c4e92296a73b7f2bba6c53ef121a0bcff7c1e6356c7e67342b12b4cbd0b537b3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064125/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:52 GMT
Server
Flashtalking (AKA)
ETag
W/"4c67e4026722bd6d0daea7eb2f8aa42c"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
438137376 438227873
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=608
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2659
Expires
Sat, 13 Jan 2024 00:22:08 GMT
truncated
/ Frame 9383
35 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ Frame FFA8
35 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
ft.stat
stat.flashtalking.com/reportV3/ Frame 61B7
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936214;4064128;0-306-0-0-575388432
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:12:00 GMT
notebook.png
cdn.flashtalking.com/116327/4064128/images/ Frame 35C0
20 KB
20 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064128/images/notebook.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
ddfb5971da1973d5a22a3252907e907223c31fcfb2f2201aaa6f7dad54252fdb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064128/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:55 GMT
Server
Flashtalking (AKA)
ETag
W/"547d0f5acf5ab8da2792bfd169e19173"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
174659463 173691607
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=1092
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20401
Expires
Sat, 13 Jan 2024 00:30:12 GMT
notebook.png
cdn.flashtalking.com/116327/4064125/images/ Frame 252E
20 KB
20 KB
Image
General
Full URL
https://cdn.flashtalking.com/116327/4064125/images/notebook.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
Flashtalking (AKA) /
Resource Hash
ddfb5971da1973d5a22a3252907e907223c31fcfb2f2201aaa6f7dad54252fdb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://cdn.flashtalking.com/116327/4064125/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 13 Jan 2024 00:12:00 GMT
Last-Modified
Wed, 18 Jan 2023 23:48:52 GMT
Server
Flashtalking (AKA)
ETag
W/"547d0f5acf5ab8da2792bfd169e19173"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
X-Varnish
438137378 439160344
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Cache-Control
max-age=608
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20401
Expires
Sat, 13 Jan 2024 00:22:08 GMT
truncated
/ Frame 61B7
35 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
cors
data.ad-score.com/data/ Frame 9383
1 B
283 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=94ae7288809da76786f32bc4&pm_pl=1705104720184&pm_td=577&pid=1000941&en=1.1&callback=__pm_glbl_qDYvm72kY6Lj4iYO2bWJPC0W._gc3&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Date
Sat, 13 Jan 2024 00:12:00 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=utf-8
cors
data.ad-score.com/data/ Frame 61B7
1 B
283 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=16acee4b0292ff19e0889f33&pm_pl=1705104719823&pm_td=1065&pid=1000941&en=1.1&callback=__pm_glbl_0Zsh2ckDe0A1S0xc0MFVb8WV._gc3&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Date
Sat, 13 Jan 2024 00:12:00 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=utf-8
cors
data.ad-score.com/data/ Frame FFA8
1 B
283 B
Fetch
General
Full URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=62f1e5d0356a6280905fbd17&pm_pl=1705104720009&pm_td=887&pid=1000941&en=1.1&callback=__pm_glbl_YmuIfjKoWdTrQ8NBkU4KuZDq._gc3&tt=g&v=68d29ed
Requested by
Host: js.ad-score.com
URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
4.115.211.130.bc.googleusercontent.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://googleads.g.doubleclick.net
Date
Sat, 13 Jan 2024 00:12:00 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1
Access-Control-Allow-Methods
POST
Content-Type
text/plain; charset=utf-8
ft.stat
stat.flashtalking.com/reportV3/ Frame 9383
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936335;3699647;0-307-0-0-556879303
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:01 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:12:01 GMT
/
ad-events.flashtalking.com/state/7936335;3699647;0;202;0F169571-8E2C-7661-2788-CD30DCBCBA5E/ Frame 9383
0
66 B
Image
General
Full URL
https://ad-events.flashtalking.com/state/7936335;3699647;0;202;0F169571-8E2C-7661-2788-CD30DCBCBA5E/?cachebuster=925038934
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.79.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-79-60.eu-central-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:12:01 GMT
server
awselb/2.0
content-length
0
content-type
text/plain; charset=utf-8
ft.stat
stat.flashtalking.com/reportV3/ Frame FFA8
1 B
377 B
Image
General
Full URL
https://stat.flashtalking.com/reportV3/ft.stat?0-7936335;4064125;0-307-0-0-676956827
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-38.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 13 Jan 2024 00:12:01 GMT
Last-Modified
Thu, 28 Jun 2012 14:38:09 GMT
Server
AkamaiNetStorage
ETag
"c4ca4238a0b923820dcc509a6f75849b:1340894289"
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1
Expires
Sat, 13 Jan 2024 00:12:01 GMT
/
ad-events.flashtalking.com/state/7936335;4064125;0;202;9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB/ Frame FFA8
0
66 B
Image
General
Full URL
https://ad-events.flashtalking.com/state/7936335;4064125;0;202;9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB/?cachebuster=481556779
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.122.79.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-79-60.eu-central-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 13 Jan 2024 00:12:01 GMT
server
awselb/2.0
content-length
0
content-type
text/plain; charset=utf-8
cors
data.ad-score.com/data/ Frame 9383
0
0

cors
data.ad-score.com/data/ Frame FFA8
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.file-upload.org
URL
https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Domain
www.file-upload.org
URL
https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Domain
www.file-upload.org
URL
https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Domain
certify-js.alexametrics.com
URL
https://certify-js.alexametrics.com/atrk.js
Domain
data.ad-score.com
URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=94ae7288809da76786f32bc4&pm_pl=1705104720184&pm_td=1276&pid=1000941&en=1.1&callback=__pm_glbl_qDYvm72kY6Lj4iYO2bWJPC0W._gc4&tt=g&v=68d29ed
Domain
data.ad-score.com
URL
https://data.ad-score.com/data/cors?pm_st=mLAlHFJpYSUGCYdvGHUoxcnJKIUYdQYH-FE7fPshldVrlKDwf0HLIE0LCPg==-E03BOcxnaFThNw==&pm_ct=62f1e5d0356a6280905fbd17&pm_pl=1705104720009&pm_td=1463&pid=1000941&en=1.1&callback=__pm_glbl_YmuIfjKoWdTrQ8NBkU4KuZDq._gc4&tt=g&v=68d29ed

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| __cfQR function| BlockAdBlock object| blockAdBlock function| gtag object| dataLayer object| google_tag_manager object| google_tag_data object| FB string| GoogleAnalyticsObject function| ga object| _gat object| _gaq object| html5 object| Modernizr function| yepnope object| jQuery112408223781385219855 function| CBPFWTabs function| $ function| jQuery function| setPagination function| WOW function| eve function| mina function| Snap object| adsbygoogle object| __buffer boolean| detected function| adBlockDetected function| adBlockNotDetected boolean| __cfRLUnblockHandlers object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint object| gaGlobal object| gaplugins object| gaData function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| googletag object| google_image_requests object| google_llp object| googlefc boolean| adsbygoogle_ama_fc_has_run object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| NWEzZjc4M2M4ODZjYzg3M2xvYWRlcl9qcw== string| NWEzZjc4M2M4ODZjYzg3M2NhY2hlZF9qcw== object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady number| __google_lidar_ function| __google_lidar_radf_ boolean| 650ad3f4-5b17-4fcd-9c97-aa0cefa68b32

31 Cookies

Domain/Path Name / Value
.file-upload.org/ Name: lang
Value: german
www.file-upload.org/ Name: visited
Value: visited, visited_expires=Sat Jan 13 2024 01:12:56 GMT+0100 (Central European Standard Time), path=/
.babup.com/ Name: _ga_3T7TKCZCC9
Value: GS1.1.1705104717.1.0.1705104717.0.0.0
.babup.com/ Name: _ga
Value: GA1.2.941796147.1705104717
.babup.com/ Name: _gid
Value: GA1.2.488112055.1705104717
.babup.com/ Name: _gat_gtag_UA_119779859_1
Value: 1
.babup.com/ Name: __gads
Value: ID=b9ef4e70be805f84:T=1705104717:RT=1705104717:S=ALNI_MYm8xQo-SOcOejhf5YFI0pE8I0iQQ
.babup.com/ Name: __gpi
Value: UID=00000d407f719b48:T=1705104717:RT=1705104717:S=ALNI_MZdEZkDtElk0GiyQ6GW9JDOwxi7uQ
.doubleclick.net/ Name: IDE
Value: AHWqTUk2qXCP-xeFlRS60OGJCH9pUj_aUFfkpKvv56-z3XYXgCVecjKPAiFjj-k7a_8
.googleadservices.com/ Name: ar_debug
Value: 1
.casalemedia.com/ Name: CMID
Value: ZaHVTh7I1N-PS6MZyDTt3QAA
.casalemedia.com/ Name: CMPS
Value: 5145
.casalemedia.com/ Name: CMPRO
Value: 5145
.adnxs.com/ Name: uuid2
Value: 3470660182114644106
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2C%yGBYXf!@wnfH8K6pQK`!5=E<*L5?%L[iSZqX_0]`JjE]2]4JJK(5>#<#A8dq9u=jbP%nugO%v4VB%nn4p*)7M=
.openx.net/ Name: i
Value: 528c0979-f731-4477-99db-882b13bec525|1705104718
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: ar_debug
Value: 1
.babup.com/ Name: FCNEC
Value: %5B%5B%22AKsRol-zhlw4hfv7Xe_e1ZSKLChL6YI7rrFhGfg1EBrdkhdDEua5K480bfGm0CgD-fGM7ACRtmi4QKG3_2iwgC8NhAl99QV_JkpMUp--EkHkJWssG7Bvt3s_MTvb4LlVTOorBOAtjrgTbg8HvfoWXCQ0cXHEd2KAwA%3D%3D%22%5D%5D
.bing.com/ Name: MUID
Value: 2C9020240DB16863269534210C1B693E
.adnxs.com/ Name: XANDR_PANID
Value: PqEhusUjGSVeesHKFxX9qxgHQzZGvS_mPqOoFgZhfmS5z4ZkIfbTIoM-i_rti76efcVFRHneUzq7xndn_xXv7eOIztD9b-v-CYlm1C-iSd8.
.ctnsnet.com/ Name: gid_CAESECcJcpxiqIOnBqkAX4JTHVI
Value: 1
.ctnsnet.com/ Name: cid_478cd0ceabd247cc880f23901962423f
Value: 1
.mxptint.net/ Name: mxpim
Value: R35CA9_10F329A7F_8B8D73B2.1.65A1D550
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-907f069a-a035-5f49-756f-dad935da4816.kwW7pHy6gie4KBv32Q%2BXSFX1IrPCMkwWJHkasreMiOA
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-907f069a-a035-5f49-756f-dad935da4816.kwW7pHy6gie4KBv32Q%2BXSFX1IrPCMkwWJHkasreMiOA
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AkH8GmqA1X0l1b9rZNdpIFrAKahc.i0ltIpZRJVQTFzLl%2F2d2dBUgbMKQn0ul4aChRzskzZk
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AkH8GmqA1X0l1b9rZNdpIFrAKahc.i0ltIpZRJVQTFzLl%2F2d2dBUgbMKQn0ul4aChRzskzZk
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILdbVQ6GfWIjKnQE44fvzPsTJLYsLDLzPsCVoIzcS3bREHwYBCDQqoetBjABOgTwi70wQgRBkleN.%2BkPR6fVaS6blcsVx9UcY%2FLTBr4fB5deqwJusN6%2BlF%2F4
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILdbVQ6GfWIjKnQE44fvzPsTJLYsLDLzPsCVoIzcS3bREHwYBCDQqoetBjABOgTwi70wQgRBkleN.%2BkPR6fVaS6blcsVx9UcY%2FLTBr4fB5deqwJusN6%2BlF%2F4
.zemanta.com/ Name: zuid
Value: xGOlTYGZzFBdKXs8lHl9

25 Console Messages

Source Level URL
Text
javascript error URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Message:
Access to font at 'https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.file-upload.org/mngez/fonts/vendor/font-awesome/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Message:
Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-500.woff2?08609a017d830988630ee1b38a7ef71a
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.babup.com/file.php?get=y5lr3w1ctduh
Message:
Access to font at 'https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d' from origin 'https://www.babup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.file-upload.org/mngez/fonts/poppins-v5-latin-regular.woff2?ce0c9ae08840a0b43bccb9f5a86e155d
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://certify-js.alexametrics.com/atrk.js
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=3699647&l5=1&l6=1&utid=0F169571-8E2C-7661-2788-CD30DCBCBA5E&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=356195.97281226254&pub_ts=1702308224&556783482(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936335&l4=4064125&l5=1&l6=1&utid=9C9907CA-7DF1-3A3C-FF1C-8E8AC5EBC9AB&creative_type=display&adid=ftdiv7936335&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=40798.74715706239&pub_ts=1702308224&760561027(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442(Line 1)
Message:
Failed to create WebGPU Context Provider
javascript info URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442(Line 1)
Message:
WebGPU is experimental on this platform. See https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
rendering warning URL: https://js.ad-score.com/score.min.js?pid=1000941&tt=g&tid=27133&l1=225040&l2=DV360&l3=7936214&l4=4064128&l5=1&l6=1&utid=26446FA9-D1C2-7DB5-0A66-DE4901A6F62F&creative_type=display&adid=ftdiv7936214&pub_app=&pub_domain=https://www.babup.com/&uid=&cb=574415.640335491&pub_ts=1702308224&821977442(Line 1)
Message:
Failed to create WebGPU Context Provider

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0;includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-events.flashtalking.com
ad.doubleclick.net
adsdk.microsoft.com
aep.mxptint.net
agen-assets.ftstatic.com
aid.send.microad.jp
ajax.googleapis.com
ajs-assets.ftstatic.com
ams3-ib.adnxs.com
b1sync.zemanta.com
beacon.walmart.com
cdn.adnxs.com
cdn.flashtalking.com
certify-js.alexametrics.com
cm.g.doubleclick.net
code.createjs.com
connect.facebook.net
data.ad-score.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
ib.adnxs.com
images.dmca.com
ius.ctnsnet.com
js.ad-score.com
pagead2.googlesyndication.com
region1.google-analytics.com
rtb.mfadsrvr.com
secure.flashtalking.com
servedby.flashtalking.com
ssl.google-analytics.com
stat.flashtalking.com
sync.srv.stackadapt.com
tpc.googlesyndication.com
us-u.openx.net
www.babup.com
www.bing.com
www.file-upload.com
www.file-upload.org
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
certify-js.alexametrics.com
data.ad-score.com
www.file-upload.org
104.18.36.155
130.211.115.4
142.250.186.34
142.250.186.98
143.204.98.57
165.254.203.172
172.217.18.102
184.30.16.183
185.89.210.82
188.114.96.3
20.230.171.39
2001:4860:4802:34::36
202.233.84.1
23.55.230.179
2400:52e0:1e00::1082:1
2600:9000:2447:c200:a:deb0:3380:93a1
2620:1ec:46::63
2a00:1450:4001:802::2001
2a00:1450:4001:806::200a
2a00:1450:4001:806::200e
2a00:1450:4001:811::2008
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:828::2008
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:82b::200e
2a02:26f0:3500:11::215:14cb
2a02:26f0:3500:1b::1724:a392
2a03:2880:f083:100:face:b00c:0:3
2a06:98c1:3120::3
2a06:98c1:3121::3
3.122.79.60
3.160.196.34
34.98.64.218
35.157.103.71
35.186.193.173
37.252.171.53
54.146.46.22
64.74.236.191
95.101.148.38
0186abebc0f1ba6689a8f534f796843fb1f96c07402cebeb9f171a1eaba89994
01a5e56fa3cc3c923dbb654672ce1c6f2e8592a913deb2efdcc1b43d98d602af
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
04a4ec051482dbeac84bf68c61fe3abc1cd91a21d49527e14521723bd7606d94
04c70fde91b4453fc57ee4fb59c8a87b463b1144c2adf67dbb08e75f2ef18dbc
04d6952bf30fc80e0e40eefa6209d241f035e64cc34ae6bcc11257d8bc43d45e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fa8edf9987e047736206fba362ee73c6718688746923601eeeca60efe9e57ae
0fba3d50b8fc647da65e359018f7b951e285d9ee192c600d39bad93bc3002983
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
15cb89ff6f876057e2c3a3d4e77f4daf6fc86e2a2f4e4bf4712778b85bdbfa36
172cf50810a0908328c1b84efe6b7daf3427921e02e1a8a72915b774282030b9
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1c2ab7ad974f039e1d9e0206418b600d8fe76ca710528ebea654eb6da98a23f6
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2677bc8a20cdb42457624e21ac18c1ff50ddf298ddb16b17cd64ce40375ec208
275c19cd05800cd895707c6ce228c8b502126b25a79e50a0ca6dbede77f1364f
27c5969dc8d515e42b01193ec6ff64e2ff6b74ee39af199445978bb8afa25810
27d8c907e21a0c80cfd4cf4a59f2601ed2562b989f07cbb0a5939d970152439e
296f2e47e3fe383460cbb78800582519fb9b41cd9f0d4f059f20eee8c27444f6
2c5b5707f4e3f81bb05208e8635cc6de2d41e73e0f6c08533c80e5d64d62d90a
2c8f6458e26a06c52663f2baf600362950f74bb4c1fa937e219107519c916d0f
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
30216b447644d7908a8ef33a44bc268e0b88ee6aa1d379b9e80ee803d189362f
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
322ca6f9fc6489a405b26f6ef7cdf5f186d7d7ae2f61ab11c4a9cfac6a4ee99a
3358a3e45079f971cfbbb667ea10217a07e6e8e1b8021a040a855ba5681e3183
342360bdb3a0d144e4f46b63950d717130d8db2e2b1b78a52618828283875b04
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3e4dc309817221417205c20dceff2dc39d90c460fbfae740a4bd99cd27194ae9
41111e02fcaf010fb231dfc4cc8b7d8ae4778369642908e2712b58730f4a9bdb
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
49b19f7f2d3d0fc9d2270cd1ebd79d468ca86cf308f33b063595863e3f392e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c697348fa3cefd75c8fc7722ff365ff1c7d72a2c16f2a6cb27025f23253038e
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
519e50788224b3422c6e6b1cce48d5decb83eece248558b54e48f88491e48aa4
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b198b5ed1bd02e77f84c6971a69d5c2160c0c32fd770ce33405e194750f5fd
5673d5c33ae061335d136a7c0a95fabaff555eb5946e71758837bf735d06ae1b
56e70c2fea595cdb15f418a8f79227fd5cb5838e2ee6e56fd44abc63e2cfa239
5c1e0b3e95f709cc25116fe5aa41699cdc9b4bdebb11b6accf0f45cb4ffe8d97
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d04c2613efd8ffc170901c96813e3d5a8488af4763a8c33d0750afed1b3bb9f
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1
5edebd5f81bca146bdaa08755715b54ab6f675324b53fa6b1c210f6788f9c2ff
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
707c9aa55f2aa73c6b344823622028969b9f7dc7c083255af7f8ec741a410796
759ce2a2ce00d61d23c78b075f72880dba5cec69876073fc1313ccfe536c7101
769ee939d30b52b87188279843d794f4d5c5d6f21686214094bc682c23d99b2c
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7c601baf5b9737f0d9bf8c25573ffb9687e9b4b60d067b96789fade536460af9
7e6c70175423e0468a845c7b024ae9431f79ec21b8a7098d0ea0a02cae461a9f
7f54332f3e09fdaf36272a30afccb8b03537641d37a0b24927ebcf9b273f02e5
850d2651d8bfe91f062a36b5358485eadb067681ef7e8aba1dacc422e8fdc3eb
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8a3c1f201930e9a99b9a8dbce31d136c5ce51118fdee34057900d3dc67d2943f
8b10f63a6e1c4defaff38afc5d40041b92f70335181757ef9d14eb58f2556cc5
8cb1bf69c8d0861eb95cea1e1aff519fea760e6eb6a0661967ecd25990779ba8
8d870b31f1b4af3079c998bcef8b2feb69f047a9d4fa07ff66bdf9c41c9c2843
9652381ecc9c1e3c8fafe20b1108aaa941955e8d0a881022dfb95c1701cfac81
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
97bf326860f50a3e48b937a395da44fb697f230259b45d63cca9dcd24fddb243
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ecb70a32181d648ffdb7e7502658bfa695a721a07cc0ac3c192d3a8c04dbcd7
a177d3c38d44e2e0c10335aa3452465c4d8caca539d9cefa074b7e5da8462964
a515516d68036c9f5f24efbee62770ad695f16301162cb6bc6470a2a4023f90c
a7fc9ee416596170d950c501af69ae5850c3d56bbd226f14290868a391b505da
a89893d166d647ef4b835f100216d84d7e0fc9b6ba57d90716019ffd866a0c13
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ab3b4928cd56c0165c0492340c2bd5e77405f7a485107039c765e4a9f587a205
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b0f12dedf8110d0fd89d298da2d96d380ef93334aa6d523ea562875420638061
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b18a606524e3cad496d5f53c321f5da717683f389c807b9a33026a8bec965bf7
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
bb32ef70baf6f49f09b1fe50f680f2217d8fc8021f2b91beaabb96f6d582c96b
bdebc766bf640756940aa6ffa8c4f617eee54314fb32eea993565888708308db
be7ac28defdb1d48a8e776eeea4af15d2ce36d84560e7df90e5814c299babbd1
c0d397e8282692eeb45b274667ab36ecac65559e322e17cb27f1cbd7b14d223d
c33412ba91028feec6a26b56c72f3ce03a24512785c25247447c2d1e81c8ff13
c4240e9eaf9511fe3874d212d27668839cc1884f4efc8cf0578ea0db46818f09
c4e92296a73b7f2bba6c53ef121a0bcff7c1e6356c7e67342b12b4cbd0b537b3
c520672fec578bed5c66dcfb55e14af63d784c9e5d0ada4b620c55eb78e1d078
c8398e3a12c77db0695fb66a0b180d4492ccfe268435a59abdb9a056bbbf92a8
ca9265c7ee5578502950dd0d767760dc147704382289365ebe0129e5900b534a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdde1eb85d0f957179effd0b0fabd0881c22937c6121f6836d4c7dd9bde5b387
d29d828d6325febec52e865f833ae018e0afc94423905809e912b5cfaeb18c45
d2ec07a6e77bc3abc56f801e141e9889c018ca8e96dfbe4042f49378699ee85f
d3d30a814a111a4ec66d06dfb59b13e82c202b61c47c0e6cf577a36ef3223f5a
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
d9aa91c7d072f946c153f671e0bf02e2407d5dd73031c05d830fc61d832484b1
d9d8d2c881b15100dd8a4d262668ab446299e16a9ea7389df8531b08918e36ce
ddfb5971da1973d5a22a3252907e907223c31fcfb2f2201aaa6f7dad54252fdb
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de6817ba7388f16634ae85e82e367e6a17180d67540dfd650918180c5d5bd856
e01328638edcae791d4fa6402aa7fe191b151f8907ae6945a969b159d1210150
e367a2d0e62116b0a999990fdf2a3584d916ca0458269b6a43e825b7bdbcb060
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
e8d42cefbffb64b7474ae6342fbc144e012ff7a7d12b7cba2d57d42bd1106f24
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed88d5a1c97dc43c114c0b289b3b5abf077be44e8e8765a9ad777f94af433411
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2520b4f876b6831eb89b69899b3bd380d9f5e7fffa938478803efc9ba2f38f6
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f75ada33b07cb31e16a0a0d3325961a22dc9526edb49bff04c31d7b7611f7025
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f9ef535fe2bf06462d7590670ccfe1bf36a28bf0cb90d01ed2463276bea6e64a
fb7d30967c386c1827ab1e53db214d8dccd372ace73953ac3d8f696a04ffabf6
fe894077580a26a7bb0005cc423f8c9b22041593ec03bce3e9061dca7d7b5f1f