www.rafyon.net Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Submission: On November 12 via api (November 12th 2023, 9:27:59 pm UTC) from US — Scanned from NL

Summary HTTP 138 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 40 IPs in 5 countries across 27 domains to perform 138 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.rafyon.net.
TLS certificate: Issued by GTS CA 1P5 on September 18th 2023. Valid for: 3 months.

This is the only time www.rafyon.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225e:e00:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:a200:6:b871:4f00:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3030::ac43:9391	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:a200:f:a31d:75c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:225b:7a00:a:e047:753:a221	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.9.66.122 65.9.66.122	16509 (AMAZON-02) (AMAZON-02)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 3	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
1	54.194.163.10 54.194.163.10	16509 (AMAZON-02) (AMAZON-02)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
6 8	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 7	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
7	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
1	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
1	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
1 4	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
2	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1 2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1	54.36.108.3 54.36.108.3	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
138	40

29 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.rafyon.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:e00:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:a200:6:b871:4f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.salaty.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::ac43:9391 (United States)

ASN13335 (CLOUDFLARENET, US)

www.fontstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:a200:f:a31d:75c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.optad360.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225b:7a00:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-122.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.119 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.163.10 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-163-10.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.184.194 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.46 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f134.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 116.202.48.214 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.47 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

hal90002.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.108.3 (France)

ASN16276 (OVH, FR)
PTR: ns3112796.ip-54-36-108.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	googlesyndication.com 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 149 pagead2.googlesyndication.com — Cisco Umbrella Rank: 97	199 KB
29	rafyon.net www.rafyon.net	462 KB
23	doubleclick.net 7 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 325135	253 KB
7	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	110 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	5 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal90002.redintelligence.net — Cisco Umbrella Rank: 251539	11 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	4 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 406	104 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 105	2 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 454 mug.criteo.com — Cisco Umbrella Rank: 2926	7 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1656 google-bidout-d.openx.net — Cisco Umbrella Rank: 1665	752 B
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	2 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	164 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	126 KB
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 976 bcp.crwdcntrl.net — Cisco Umbrella Rank: 887	12 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 863 id5-sync.com — Cisco Umbrella Rank: 440	32 KB
2	fontstatic.com www.fontstatic.com — Cisco Umbrella Rank: 377930	71 KB
2	gstatic.com fonts.gstatic.com	65 KB
2	salaty.net www.salaty.net	13 KB
2	optad360.io get.optad360.io — Cisco Umbrella Rank: 36330 cmp.optad360.io — Cisco Umbrella Rank: 52711	61 KB
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 88526	18 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 2139	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	1 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2491	3 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 668	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1762	8 KB
1	optad360.net cdn.optad360.net — Cisco Umbrella Rank: 59248	3 KB
138	27

	Domain	Requested by
29	www.rafyon.net	www.rafyon.net
20	pagead2.googlesyndication.com	2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com pagead2.googlesyndication.com www.rafyon.net tpc.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
14	tpc.googlesyndication.com	www.rafyon.net 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	s0.2mdn.net	www.rafyon.net s0.2mdn.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net www.rafyon.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	hal90002.redintelligence.net	1 redirects 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com hal90002.redintelligence.net
4	googleads.g.doubleclick.net	www.rafyon.net 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com pagead2.googlesyndication.com
3	2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	fonts.googleapis.com	www.rafyon.net securepubads.g.doubleclick.net
3	cdnjs.cloudflare.com	www.rafyon.net cdnjs.cloudflare.com
2	8019191.fls.doubleclick.net	1 redirects www.rafyon.net
2	googleads4.g.doubleclick.net	www.rafyon.net
2	www.googletagservices.com	2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	gum.criteo.com	1 redirects static.criteo.net
2	oajs.openx.net	1 redirects www.rafyon.net
2	www.fontstatic.com	www.salaty.net www.fontstatic.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.salaty.net	www.rafyon.net www.salaty.net
1	adservice.google.com	8019191.fls.doubleclick.net
1	cdn.contentspread.net	hal90002.redintelligence.net
1	hal9000.redintelligence.net	2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
1	ad.doubleclick.net	2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	mug.criteo.com	www.rafyon.net
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	id5-sync.com	cdn.id5-sync.com
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.optad360.net	www.rafyon.net
1	cmp.optad360.io	www.rafyon.net
1	get.optad360.io	www.rafyon.net
138	41

This site contains links to these domains. Also see Links.

Domain
en.optad360.com
www.facebook.com
twitter.com
www.arb4host.net

Subject Issuer	Validity	Valid
rafyon.net GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.optad360.io Amazon RSA 2048 M02	`2023-09-17` - `2024-10-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
salaty.net GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
fontstatic.com E1	`2023-11-11` - `2024-02-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.optad360.net Amazon RSA 2048 M02	`2023-06-26` - `2024-07-24`	a year	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-09-25` - `2023-12-24`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-10-24` - `2024-01-22`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
contentspread.net R3	`2023-10-23` - `2024-01-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Frame ID: 2A41C19BFCF6AAE288BA4B5441EE7002
Requests: 57 HTTP requests in this frame

Frame: https://www.salaty.net/embed.html?with-country=2&with-city=36&with-lang=ar&with-sunrise=1&with-city-desc=0&with-city-time=0&with-difference=0&with-developers=0&with-color=004040
Frame ID: 1D3C71A7AFCA70BDE12AD5D1E17C4FED
Requests: 4 HTTP requests in this frame

Frame: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A377EFA67AE837912CBA672734113707
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.rafyon.net
Frame ID: 74C2E3DFC646456A47F94C34AAF1C4B0
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 7D958AA79DA169F6C5D6B8FB8FA2096E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs
Frame ID: 576113F2096F7C2BFBE371AFDBC22686
Requests: 14 HTTP requests in this frame

Frame: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E7E83A31BBB98FB09EC143913488A628
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiEp7zGATAB&v=APEucNVU-VQ5Ca3cvnf-V8u7-UeQXkEgufYjB2diWF97BuDnCM_iJ5ZtTARzGIUOaGbHNivzJNxW9LHKQgO7cVRk3TfxomIPQB7OhaQKOGJmBBFINRjl0JqUdgKA2rFOQ0MJoi2fH5wfsn5r0VjzjZI43TO9sbUCQevm2lDFxw6ezhC0SHa_BkxBrAn7eYrAGvmlsvPGgvRN5kHrgFaxjmDs159LPtDAXA
Frame ID: 126C2F06F9075A1D73A5087ABE12F030
Requests: 5 HTTP requests in this frame

Frame: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 73EDC8C8915E0DC59CC7087DA3E36676
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLWwChCPwUUYvcWc5QEwAQ&v=APEucNUD29FrLvrn8FFt9N8Vd5u7nxRcB3ocgAvToyz1cqdML-0qKm6kAHixjVJJeingClujR74_y-bOM8S-8QNoHk7CDo_hNgChA7JldNQS1SrkOGB8sRnSfBEu9mOdm8ZjYhe8vRT44jPY0YU1UStN4uKASbCKpwcqDUvQIQte7Pkx9uTG524yvaIuBNJoIfFCXBhnwxHP5eoE2wEF0Glnu5kr939Kqg
Frame ID: F95E06BCED95255D7EC623447B9F1CA4
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 41ECB633D9CF4F8CFF56A3877A8AC6BE
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 84C44114CE0887C96FB98FD75B7A5ECB
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250
Frame ID: BA0900AB77640AB6D5D0B6A0165414E3
Requests: 6 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52
Frame ID: 8D30828294D887E7AED4063167751ECA
Requests: 2 HTTP requests in this frame

Frame: https://hal90002.redintelligence.net/request_content.php?s=98622600140485304445414012506002&a=013dcc30
Frame ID: 725B882CD044E93CD621D51ADFBF69DA
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1F9769076D7BABB986A12095E73C90F2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9587C58279851F0E6FEB1EE822545D38
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

هل يعتزل كريستيانو رونالدو في النصر؟ - رافيون

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

138
Requests

91 %
HTTPS

59 %
IPv6

27
Domains

41
Subdomains

40
IPs

5
Countries

1742 kB
Transfer

4161 kB
Size

17
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://en.optad360.com/?utm_source=branding&utm_medium=display&utm_campaign=www.rafyon.net

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.rafyon.net%2F%3Fp%3D7075
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=%D9%87%D9%84+%D9%8A%D8%B9%D8%AA%D8%B2%D9%84+%D9%83%D8%B1%D9%8A%D8%B3%D8%AA%D9%8A%D8%A7%D9%86%D9%88+%D8%B1%D9%88%D9%86%D8%A7%D9%84%D8%AF%D9%88+%D9%81%D9%8A+%D8%A7%D9%84%D9%86%D8%B5%D8%B1%D8%9F&url=https%3A%2F%2Fwww.rafyon.net%2F%3Fp%3D7075
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.arb4host.net/np/
Title: برمجة وتصميم عرب فور هوست

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&rid=esp&cc=1

Request Chain 59

https://gum.criteo.com/sid/json?origin=publishertagids&domain=rafyon.net&sn=ChromeSyncframe&so=0&topUrl=www.rafyon.net&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=EIzUU3w3am5OWXIwajRTR1V1T3ZXUTNHK3JtVkFMZ1ZWWUIyMzlmTU4wd0dJMCtMcXVKNkpnUTRaUEMrMXp5a0UxTHVEN1ltY0RqcHVsRG8vY3kyQy9vZUF1T2k3cTZyanBvZGdtOXR0bWlnTWZIREhnSHNGVkR1WHBMejZxU2dCdFlGWExMMytkcFVDSFo3NlFQNFVVMkMxWG1SL2dEWmdzT1ltYUtBY0NvOWVHd3RpVDB2TTljVldBbWhTWDROd05ISWkzOFl3WlA4MGFsUERsZmdhTXhuUDZqUlVoYjhDWVV2dS9hTUJSM2lqdFVEUTVZQ1FGS2dkZEFYNWRqZVFGeGhyakhaNXN2VDNhZGtMUTBKM2gzYjJKZz09fA&cppv=2

Request Chain 72

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 82

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1

Request Chain 83

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVFDWnYHXypzGT.X5u4WZwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1

Request Chain 85

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1

Request Chain 107

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVFDWnYHXypzGT.X5u4WZwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1

Request Chain 109

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D

Request Chain 112

https://hal90002.redintelligence.net/request.php?zone=6zpgftvkkw73&nw=20&renderingType=javascript&namespace=195daedd10&subid=&uid=2f706b74a75e9350&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCXbCOWUNRZdOxMZDggAeLraqQC8z5hqBp273H__cP8C4QASCqgMMiYJEEyAEJqQLSS1n3nu2xPqgDAcgDmwSqBJcCT9C5Legf9Pc61IQGZJ3sA8wnGJZxXgl25UUjWJvnxi8MhHNHMCfoDZWmMS5Cbs9VhynWoh4_4pwsvwBEPo8UJyYMTarg-KhmAU0mONT9HHYA1YA2I_Y6_8ppMdc88MZgZNugd4uBNoL__Lk4vqjwGT5RQUUi2cQT6-M5ZhCLZ6b_iMpFSH2-gYNEYWQp3GzxMLD26mLAyKKx8cio_O27zlBrKP2sk_BnInyELUIavPFFKzg52I1YMbX7umYxi3n-4rv8cQtK-OW0X0UHo_78sd88mVAda--2nImbqVE_WDof7XqD9aUcwN6Chv-UBbQZ0dKgMNcAyMFJt-OKcsaY66enIBlUNGU8U9hIDdAhnnGVYZQEzgCxwATq68yj5APgBAOIBZWv4f09kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03OTI1NjgyOTQwMjU4MDI0gAoDmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CTkziDRMIhPi0z7O_ggMVEDDgCh2LlgqysBPgm80O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ%26sig%3DAOD64_0ai5lDpZFATVbDZzpHz4D5Vk5o1Q%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-CCmgLU0y8G6gz7MXKoHP7TSHVsTBT0RTK7Z_CQNLx_tw6ylJRU82X0tzkB0r_2gqsQ109k20Mt-ReIawepPkIJYdeEvM1u0-2q9CQG7LgSaUm_rao73_V8F903qCKO8h2qWkKdHauPce1Q4FHzdz7XZIxc8zRTIZLbaz5j7ZM2-DGIB4g%26cry%3D1%26dbm_d%3DAKAmf-CawW9QCeL-PhUNMgVAw3A-8MyzvNLHFZhuL8ntaM7UZFtsB9oy6aAK0K0t1Cf1B_DwpJ8eavlCF2CTZsfB3M-sbItdP4oIJ7L2_uGDIGIus_98Ob4rIgz4s4a4Jvgqi-0GC700Txumw9PNgEHM8U-8U5WVPKyWn-EpzIRKgblNNjpq85cxemfYFJv08PTePaV0-gV-fPlKDRBZi9YbUqFce3780gcWRXWnqF709zCDv7M6CKY6ehFwScxddbfc26cMS423yS1ON69_T_YoewIdoTLg7MBKIm-bmUgewa_kcyKoKS01lZ9LcUM9k0GunVObbOZCGQmSWAWTdQ0CHMGg4eTDYz28cPA4dSGhT0d1zmZ4x60XgyvulHK55VOb0GfF3ADwK1oigQW5Vw7z-3dSUHWdAxHi51PWflVhywrj-R2v3yUGQXcmUNEjlfgtPDMuHyFJIFmca9LJSoqjILl6Z9DGJn43Aaze-MqoLuEhEwADuydLP2hrnVEq6bFqN4TYe4TP7wQI9VfmXBBDnCHSirGlEV2o7m7-odFmSCzQR2uRYdEO4cyGboD5-TACD4kG2DTsTYxwCshDvrFcJawoWhpenQCcdHuoN8PbLp0C2kkLF7TVKI8OcBVv-P7UKauDYkWfnJFlmtwgN92I7Y-oUBZ2833XDBr8ovqWWWEH3cW7ADY%26adurl%3D&documentReferer=https%3A%2F%2Fwww.rafyon.net%2F&ancestorOrigins=https%3A%2F%2Fwww.rafyon.net&random=8238664272311&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90002.redintelligence.net/request.php?zone=6zpgftvkkw73&nw=20&renderingType=javascript&namespace=195daedd10&subid=&uid=2f706b74a75e9350&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCXbCOWUNRZdOxMZDggAeLraqQC8z5hqBp273H__cP8C4QASCqgMMiYJEEyAEJqQLSS1n3nu2xPqgDAcgDmwSqBJcCT9C5Legf9Pc61IQGZJ3sA8wnGJZxXgl25UUjWJvnxi8MhHNHMCfoDZWmMS5Cbs9VhynWoh4_4pwsvwBEPo8UJyYMTarg-KhmAU0mONT9HHYA1YA2I_Y6_8ppMdc88MZgZNugd4uBNoL__Lk4vqjwGT5RQUUi2cQT6-M5ZhCLZ6b_iMpFSH2-gYNEYWQp3GzxMLD26mLAyKKx8cio_O27zlBrKP2sk_BnInyELUIavPFFKzg52I1YMbX7umYxi3n-4rv8cQtK-OW0X0UHo_78sd88mVAda--2nImbqVE_WDof7XqD9aUcwN6Chv-UBbQZ0dKgMNcAyMFJt-OKcsaY66enIBlUNGU8U9hIDdAhnnGVYZQEzgCxwATq68yj5APgBAOIBZWv4f09kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03OTI1NjgyOTQwMjU4MDI0gAoDmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CTkziDRMIhPi0z7O_ggMVEDDgCh2LlgqysBPgm80O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ%26sig%3DAOD64_0ai5lDpZFATVbDZzpHz4D5Vk5o1Q%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-CCmgLU0y8G6gz7MXKoHP7TSHVsTBT0RTK7Z_CQNLx_tw6ylJRU82X0tzkB0r_2gqsQ109k20Mt-ReIawepPkIJYdeEvM1u0-2q9CQG7LgSaUm_rao73_V8F903qCKO8h2qWkKdHauPce1Q4FHzdz7XZIxc8zRTIZLbaz5j7ZM2-DGIB4g%26cry%3D1%26dbm_d%3DAKAmf-CawW9QCeL-PhUNMgVAw3A-8MyzvNLHFZhuL8ntaM7UZFtsB9oy6aAK0K0t1Cf1B_DwpJ8eavlCF2CTZsfB3M-sbItdP4oIJ7L2_uGDIGIus_98Ob4rIgz4s4a4Jvgqi-0GC700Txumw9PNgEHM8U-8U5WVPKyWn-EpzIRKgblNNjpq85cxemfYFJv08PTePaV0-gV-fPlKDRBZi9YbUqFce3780gcWRXWnqF709zCDv7M6CKY6ehFwScxddbfc26cMS423yS1ON69_T_YoewIdoTLg7MBKIm-bmUgewa_kcyKoKS01lZ9LcUM9k0GunVObbOZCGQmSWAWTdQ0CHMGg4eTDYz28cPA4dSGhT0d1zmZ4x60XgyvulHK55VOb0GfF3ADwK1oigQW5Vw7z-3dSUHWdAxHi51PWflVhywrj-R2v3yUGQXcmUNEjlfgtPDMuHyFJIFmca9LJSoqjILl6Z9DGJn43Aaze-MqoLuEhEwADuydLP2hrnVEq6bFqN4TYe4TP7wQI9VfmXBBDnCHSirGlEV2o7m7-odFmSCzQR2uRYdEO4cyGboD5-TACD4kG2DTsTYxwCshDvrFcJawoWhpenQCcdHuoN8PbLp0C2kkLF7TVKI8OcBVv-P7UKauDYkWfnJFlmtwgN92I7Y-oUBZ2833XDBr8ovqWWWEH3cW7ADY%26adurl%3D&documentReferer=https%3A%2F%2Fwww.rafyon.net%2F&ancestorOrigins=https%3A%2F%2Fwww.rafyon.net&random=8238664272311&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 123

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52

138 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 78.html Show response
www.rafyon.net/read702/ 56 KB
13 KB 499ms
436ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b85ef18a8a56899a2b91ad4616d8ba824e56c88879dad3c23b69697058b3aad

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8251dc87ede24d7c-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 12 Nov 2023 21:27:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zG2X1ElhGQqNXAmj7R4yN9tk4OjhxnuEIkYHA4eVstRuzbvQ7ODkCwSt3730O9RFHMMY2%2Fu909gBohRjim632cPgIzyb06FSantSl5oS95mtVRzPKTTDh4nKKO9MvkvvATW4GEPuTK15q3e%2BhA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 style-rtl.min.css
www.rafyon.net/wp-includes/css/dist/block-library/ 102 KB
14 KB 37ms
34ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.3.2
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0f27ee92a26e2bbb2393e7695351be1c91d890492943f52cf18fcfd899666ed

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 18 Sep 2023 09:26:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3121
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tv%2BffLnGgN9jXK7HGo6KyLuLI4gzBiEbAYjSRwa2geXg9ZMhutn20EIQ5ol8%2FyUbqY0JL%2F0OvlrhtvVt%2FFmAK3OBzrFE1YDN0S5pFOebn%2Bc98C82fafh8kf63dzexH3VUx%2BabnDnUWKxgbsmFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8251dc8aa87c4d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/ 57 KB
11 KB 73ms
27ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3346513
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10301
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-e4d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yg70WcFuiHskRrQnHOPss%2BGB4fvidlI%2BH1NZuEuQ4FisVfu4Eaj0XMfE%2B4E5YC1plZyaOLZaMaKtQl1cX2OfFEhpnSx9IFXkvJMlZ%2BL%2BQ%2ByEvhw%2BATmvvK85S8Uv86TVQ9ry3KJDQQ2LPPZO5lcDYbev"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8251dc8aea9b3a91-FRA
expires: Fri, 01 Nov 2024 21:27:52 GMT

GET
H2 200 bootstrap.min.css
www.rafyon.net/wp-content/themes/newsplus/assets/css/ 124 KB
21 KB 31ms
29ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-content/themes/newsplus/assets/css/bootstrap.min.css?ver=46.00
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 414caa66bb79bc88c1ba6a2a415d2333c0a01aab1c15f74684dfa7542a97d2f7

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Apr 2022 14:30:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3121
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EeDGaDYlbj7IZ8QHMLAIEHTyYffnFwNcUfbW9rT7XLqZlaTfoGH021x0SEEZjlOHX2TAgTTP5V2XqPLNNznUchF5nSOTcwzY6YZZe%2B7eWYEupBvznWQmoVQ%2FdhHhdSZfDmMkrmZip9dXdYVxWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8251dc8aa87d4d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 fonts.css
www.rafyon.net/wp-content/themes/newsplus/assets/fonts/ 1 KB
633 B 32ms
30ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-content/themes/newsplus/assets/fonts/fonts.css?ver=46.00
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6511c49ad2da79efffa24912c9b244776702a27bc8bdd4afc2855f646b443e10

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Apr 2022 14:30:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3121
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZ3AoRQe%2F%2Bi6FrOe6fDnUYgkBO54BFSwqO%2B4naj974MzIAXYM1QAYmBQ7gyvt%2BErc7RBispC7wQ7QD2mzZErJ0lZ%2FL6INLbkiOa8Z4%2Fx%2Bex9yc0Cp6Q23vMubUc3EAUBfzcHhNrpTocGIIkVBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8251dc8aa87e4d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.css
www.rafyon.net/wp-content/themes/newsplus/ 39 KB
8 KB 32ms
31ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-content/themes/newsplus/style.css?ver=46.00
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a10c8b54e1c59596f5caa93f72615a4a67f92567abfb376bfe7ca630aa6107f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Apr 2022 14:30:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3139
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa4l4d5sMmvfIyBkBDK771Fd%2BFbSzrrZgPMk6YUmWMe9udYYHywIBMrxzTyVDt2I72HzTskzy2wjYkT464HG63znribmD%2BSfBb4QkQvKqGkO2312kXfI%2Bw%2BnnzLzGon9lt0qo4yIqCfil%2FlsbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8251dc8aa87f4d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
www.rafyon.net/wp-includes/js/jquery/ 85 KB
31 KB 42ms
41ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 18 Sep 2023 09:26:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3121
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FKxSE6LrUIGrgf%2BYSSLc3h2tYpZF9QNeeVusiNfNP1hlcKk4BB%2B8gSWiLfoGOltcxiUaBWzcHEgaSAMv70Cxbh%2BIpy1%2Fs9pTH1oL8lmi3Sf7vXh3FIhf%2Bc2pVztxNYcHXw0yG2J0npVcdIhqPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8251dc8aa8804d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery-migrate.min.js Show response
www.rafyon.net/wp-includes/js/jquery/ 13 KB
5 KB 33ms
32ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 18 Sep 2023 09:26:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1131
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wMQX2dW%2FqiQq4kVNebqNryMmUz6zU2z66QZb1xftasbBc4YRJk3gj5R%2BZZG7Tqm0B7Micj5Z55Hp5TAASb1YNPk1frq2uV43H5XC1SDM8%2FIY12w42orvotuE1a1H0%2FMwFeNcraETfbrm0bCoOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8251dc8aa8824d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/eea8f441-3b22-4ddb-a021-33600b968506/ 279 KB
60 KB 99ms
21ms Script
application/javascript 2600:9000:225e:e00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/eea8f441-3b22-4ddb-a021-33600b968506/plugin.min.js
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:e00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7beb67896e969bca947fdfbd1f11e20ae0e5989f7a444bc69c0eba234fd7bbca

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 19:09:33 GMT
content-encoding: gzip
via: 1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
last-modified: Sat, 14 Oct 2023 20:44:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 8300
etag: W/"745d22d01c90b3ebbe6f683118a06f45"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-id: 2LwSI_K2SoZtdd-CorJ13031hQlrPIZaHjYNO9qYb9HDWmFltkRRLQ==

GET
H2 200 183b5691-fc93-4f3c-a7ba-3c3a1f87c01e.min.js Show response
cmp.optad360.io/items/ 509 B
891 B 148ms
52ms Script
application/javascript 2600:9000:2156:a200:6:b871:4f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.optad360.io/items/183b5691-fc93-4f3c-a7ba-3c3a1f87c01e.min.js
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:a200:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3d55476038dfe34a53d1e5be0d78fa70b2dde6720d622be9ff8b9c9008b0de52

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 20:15:42 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
last-modified: Thu, 05 Oct 2023 07:18:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 4346
x-amz-server-side-encryption: AES256
etag: "381c4f6280220ef32c8f220972fdfaab"
vary: Accept-Encoding
x-cache: Error from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 509
x-amz-cf-id: dr5sldwdDXk1HmQU5D5F29NTRe6cP4bxCsX6VgCnsGGxLvufGJ0mzw==

GET
H2 200 Rafyon.png
www.rafyon.net/wp-content/uploads/2020/11/ 3 KB
3 KB 32ms
32ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2020/11/Rafyon.png
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf993c352a9c882af60619f9ba8b4d66c442be85875d78497571023b2aa5d28d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Mon, 09 Nov 2020 21:32:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3133
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Y4%2Bc%2FMqhj2wGE7xm4WV2iJ4gvfLfMA%2FTKryeViGEfXTZDYDZFfja9Sye2ZGPTkJSAuiEyqgixOLYFydT5WgdM6Q9Dt1SbR7QUkGk%2F0Lgdbt0KdBOXgfSTFSiD7KedOO2FNGjS0pmx%2Fb8HBgsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8aa8834d7c-FRA
alt-svc: h3=":443"; ma=86400
content-length: 2979

GET
H2 200 comment-reply.min.js Show response
www.rafyon.net/wp-includes/js/ 3 KB
2 KB 28ms
28ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-includes/js/comment-reply.min.js?ver=6.3.2
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Aug 2022 20:55:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3121
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDFnAbbwgXgjDw1QaXjV5CR4K7sjokEFeGUlOQ%2BaKKYgH3xcQJk1guFnrGXHxhKiubNLNn4T1lixDJTRAN%2Bz%2BG4V997tUlyPsj7n2dwPGgW%2Byv586hGVP%2BzHxTqN9rAkpL8v%2FlDy%2BtX%2FefQIsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8251dc8ac8b14d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.js Show response
www.rafyon.net/wp-content/themes/newsplus/assets/js/ 4 KB
2 KB 28ms
26ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-content/themes/newsplus/assets/js/main.js?ver=46.00
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e31ebf113144bd88c51f9344ae69e9a0533f0484c7876157b5ce7afab3f279dd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Apr 2022 14:30:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3968
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8JbQ585ECLWT1yRpXtozMo%2FoUJhzWgwvoxJRSuhM%2FNCyvY2GbpAe77pVZ5U8YGMC8DCo5nNYiCYi91ubX78thl2b98d9owPeCE1%2BHlxNjVY8P65AJeYAuppCTXD3yyV6xjDyQDuqHA5TZ9vgWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8251dc8ae8c44d7c-FRA
alt-svc: h3=":443"; ma=86400

GET
BLOB 200
OK 8f92b03a-f6f9-4385-a830-859f40861b95
https://www.rafyon.net/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.rafyon.net/8f92b03a-f6f9-4385-a830-859f40861b95
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 droidarabickufi.css
fonts.googleapis.com/earlyaccess/ 1 KB
624 B 76ms
28ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/earlyaccess/droidarabickufi.css

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/wp-content/themes/newsplus/assets/fonts/fonts.css?ver=46.00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

06eb9b648fd1429d0cef25265009259c35f053a76118194b4073c98e161812be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Sun, 12 Nov 2023 21:27:52 GMT

GET
H2 200 droidarabicnaskh.css
fonts.googleapis.com/earlyaccess/ 1 KB
365 B 77ms
29ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/earlyaccess/droidarabicnaskh.css

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/wp-content/themes/newsplus/assets/fonts/fonts.css?ver=46.00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Sun, 12 Nov 2023 21:27:52 GMT

GET
H2 200 embed.html Show response
www.salaty.net/ Frame 1D3C 12 KB
3 KB 219ms
157ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.salaty.net/embed.html?with-country=2&with-city=36&with-lang=ar&with-sunrise=1&with-city-desc=0&with-city-time=0&with-difference=0&with-developers=0&with-color=004040
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd39a41d0d4217a4f04f38081faf09365353cbd9f37f05008e1fe6d9bb5a8319

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8251dc8bdde7193c-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 12 Nov 2023 21:27:53 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z2yjkufH1D1Eofxdj8cJJyO3meU3TJXst1cuyBxeXYJLBx59P%2BPLGhvEft41TwFtoeIe%2FzhB3vwsfKGmkkx3xQw8%2FYTL3a53nDGIID0u4kA093FWVUTNKgDj9eoYCxKaF6%2FVWApUm3JxGfR%2Btw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 %D8%B1%D9%88%D9%86%D8%A7%D9%84%D8%AF%D9%88--800x600.jpg
www.rafyon.net/wp-content/uploads/2023/10/ 56 KB
57 KB 125ms
125ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/10/%D8%B1%D9%88%D9%86%D8%A7%D9%84%D8%AF%D9%88--800x600.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bccc77626415983950af29ea7c4b2d969a6ebaa8f1f71802f3886e9299189fe1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 11 Oct 2023 21:42:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D7EoaxChIDrQ4%2B%2FhaRrkHeEUKdBcpVUZWGKcFdISDNaPYZokyjPFky7QxNyE9%2FMRn10Hdt6KXOa7AFO8MBu44H4kHcQ2sT0ss3Vs%2BgTTcMyq0auro7yVc9ca47T5ToCRSyfXvEbG%2FbV66y0HAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c00bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 57791

GET
H3 200 %D9%83%D9%8A%D9%84%D9%8A%D8%A7%D9%86-%D9%85%D8%A8%D8%A7%D8%A8%D9%8A-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/10/ 11 KB
12 KB 33ms
33ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/10/%D9%83%D9%8A%D9%84%D9%8A%D8%A7%D9%86-%D9%85%D8%A8%D8%A7%D8%A8%D9%8A-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5bc421a51791bbbee22e0de81f887fa44756eb90ef1875e2db76cff17832140

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sun, 15 Oct 2023 22:00:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4732
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQS%2Bj2HtMzoFCggrWPP51Eft1VMhcVD8gsxqIFHemGkGWThSTrdGTxxG2vaBi9C9oEJNYMRNlB6Sk%2FhrVo1hE5vxqDigtoIc0JDeGCsEM2kThoiqieTzyPis9Sntj2kbg6%2F6K43hzYQDqGtkrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c01bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 11436

GET
H3 200 %D8%AA%D8%B4%D9%8A%D9%84%D8%B3%D9%8A-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 20 KB
21 KB 51ms
47ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%AA%D8%B4%D9%8A%D9%84%D8%B3%D9%8A-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c1ac09766e0f1322a4aaafcf2192f7b1c69f26c3810f9f89f2238373decf8af

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sun, 05 Nov 2023 20:00:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2001
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hgVHWbsHq7aMN7UjDYYXCJqBVJXU%2BrOAWvjV2mISeyHeXj4umghXOWfj6yu0dhDCXSmxkJK4fzVjm7SrnT5djeicSc6k4wNnEUavdlm65CLVY1Lu8AI4PTw%2FkEaZ1atAsDQ%2BEzp1rCQNc6sUYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c05bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 20968

GET
H3 200 %D8%A8%D9%88%D8%AA%D8%B4%D8%AA%D9%8A%D9%86%D9%88--360x200.jpeg
www.rafyon.net/wp-content/uploads/2023/11/ 9 KB
9 KB 52ms
48ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%A8%D9%88%D8%AA%D8%B4%D8%AA%D9%8A%D9%86%D9%88--360x200.jpeg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e26cdf84ea6019cb4505a4bd4e24b6c8cdc08f18a5ecf7c0a8668f0af945d64f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sun, 05 Nov 2023 19:55:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3063
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qf2C%2BPs522JH8BThEVrpv%2F%2BxZOP1BpPQwRrJ6jn0APpu2PBeIZc2dJ4q7uiL0U1Oo7mkStM6vRzWdfFWc39t1WN%2FANQ2FsgmAk6HNeMp0QLb5%2FVdUXNUb%2BfgvVKTKXFilLFzJrWi%2BCAheDQzrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c06bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 8751

GET
H3 200 %D9%81%D9%8A%D8%B1%D8%AC%D8%B3%D9%88%D9%86--360x200.jpeg
www.rafyon.net/wp-content/uploads/2023/11/ 13 KB
13 KB 72ms
67ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D9%81%D9%8A%D8%B1%D8%AC%D8%B3%D9%88%D9%86--360x200.jpeg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04fd3a2305c7dc6473b7fd2feb8b73778e7d8a6f92f2523857a145c77f399259

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sun, 05 Nov 2023 18:29:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3063
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yzPpYkkuNTbq2PKXKAHa7nrYR01n3BxvMJzPFxo89njYJRGlJnW1OwlvZJX%2B6NKiTRPAAF9bM0EiPZP3u6x27Y24RnkOHg9TU1lw3fNCezKmm%2Bh3CDxAEnwIgkA9XRNt%2BcBD1cnJG9JcVZsK5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c07bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 13158

GET
H3 200 %D8%A3%D8%B1%D8%AA%D9%8A%D8%AA%D8%A7-360x200.jpeg
www.rafyon.net/wp-content/uploads/2023/11/ 8 KB
9 KB 72ms
68ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%A3%D8%B1%D8%AA%D9%8A%D8%AA%D8%A7-360x200.jpeg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36d9a942cca5b9f6a701720465c53f4e92093e224af0181bd4455b20a45e0957

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sun, 05 Nov 2023 18:23:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4666
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zFBZao%2F1zwnoZhd9uzVMDgbBdRa%2BQiYC7aZvYvovZZOy6SJ1f3G4%2BuKh7VTCL6EsmHd4%2BL9np2pvWSueBIkQ%2F8AX%2BaKkpLXbU3F61SixjmF6rSt6uFKjLZPujMvu24gm6%2FOzAGDuhXg8%2BxK7Wg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c09bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 8505

GET
H3 200 %D8%A7%D8%B1%D8%B3%D9%86%D8%A7%D9%84-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/10/ 21 KB
22 KB 73ms
68ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/10/%D8%A7%D8%B1%D8%B3%D9%86%D8%A7%D9%84-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89f2d1f27a52fb515390326a25785ee499c5e84572da9ba7b7ad0807f658924c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Thu, 26 Oct 2023 00:03:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxG4hLaQ%2FhVe3zHf2b85YsUEOXNPy6l25wX9cjfpOjHF5HI5G%2F71DwPYPj7w0e9OCI9R9CSaI0PCY0D30ydFl1V5a5Nq%2F4ujwIcmBUeNBfKdPGk7SyspkSqqBxyZHxXqr3%2FrzedGWjcOPO7yoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c0cbb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 21666

GET
H3 200 %D9%88%D8%B2%D9%8A%D8%B1-%D8%A7%D9%84%D8%AE%D8%A7%D8%B1%D8%AC%D9%8A%D8%A9-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A--360x200.jpg
www.rafyon.net/wp-content/uploads/2023/10/ 14 KB
14 KB 88ms
84ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/10/%D9%88%D8%B2%D9%8A%D8%B1-%D8%A7%D9%84%D8%AE%D8%A7%D8%B1%D8%AC%D9%8A%D8%A9-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A--360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a976cc60761ae1e5d55361726238e9243fc7062e9c8b6344ec604d1152cc8986

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sun, 29 Oct 2023 16:57:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBg0zLu4aMAXeG30Eo6WzsT9JUo%2Bt2EcSSjeUJesk4fCoUX94WOBRJmKWYGINyfisLV4SJibp5oWGVbOib137zE%2Ba7Krwfm%2FSuAiV2ZJRgjnzSAmpPZYDv9kfYf5EBIIKXPTT8ar3xBwN0cycQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c0fbb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 14105

GET
H3 200 %D9%88%D9%84%D9%8A-%D8%A7%D9%84%D8%B9%D9%87%D8%AF-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 19 KB
20 KB 89ms
85ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D9%88%D9%84%D9%8A-%D8%A7%D9%84%D8%B9%D9%87%D8%AF-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7e1fce0f4ca98d191cf972d38b5f416ae0fe18ad15cf42ef4c73aacab0510dd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sat, 11 Nov 2023 20:43:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJaJi93M1s35l4tGkvvK2jDUKhulAUEj8yjWjB6zIdKzVQALoGEIblK51xzUF%2Bss4xeFWQ12t6GfUD4sUF59FLWV1oXkvUz5nGQWYJTQvGzYSToH9zZz0R54KnbbuGKWjduAaI03jHhQ2KR%2FyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c11bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 19720

GET
H3 200 %DA%A4%D9%88%D9%8A-%DA%A4%D9%88%D9%8A-%DA%A4%D9%88%D9%8A-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/10/ 20 KB
20 KB 90ms
86ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/10/%DA%A4%D9%88%D9%8A-%DA%A4%D9%88%D9%8A-%DA%A4%D9%88%D9%8A-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4d6967c4bafb227f8fd6f0c659da9297bc719b6d4b5c37216244e6bc3e0d609

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Fri, 13 Oct 2023 23:32:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wH1aMtxeMt87UMywysmy7z25p%2B37GlW%2BU6bdclFoPTMI9afgEcRi0ti3kL%2F2IzKeqlgNIO2rgm%2BtufHeWEyjfjJSfeLcZL8Wv5fUKZ0fA7y1S6FLyZrJfFxdO7U88iblzXFqirCvWYRj6jwDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c12bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 20284

GET
H3 200 %D8%AA%D8%AD%D8%B6%D9%8A%D8%B1-%D8%A7%D9%84%D8%AA%D9%88%D9%86%D8%A9-%D8%A7%D9%84%D9%82%D8%B7%D8%B9-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 20 KB
20 KB 91ms
87ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%AA%D8%AD%D8%B6%D9%8A%D8%B1-%D8%A7%D9%84%D8%AA%D9%88%D9%86%D8%A9-%D8%A7%D9%84%D9%82%D8%B7%D8%B9-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10921def84fcc2ca0978321d156b1b65940fe30b328bd003cdd6a4e4792e24a1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sat, 11 Nov 2023 20:38:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCNkA6uD%2BaDMjCxe5Qxm6vAZ9MApbyfGOFwOzbQ6nIIBRT9yi4cNCLxOCVIcqCzQAqjQxtqOMUuAFpgAvGQb8P0t0LODCuYcp1GtkNxYAtaNUO3JwEqccA8h%2FK60NSXRJZ23t4p8YAFcbnV4AA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c13bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 19981

GET
H3 200 %D8%A7%D9%84%D8%A8%D9%86%D9%83-%D8%A7%D9%84%D9%85%D8%B1%D9%83%D8%B2%D9%8A-%D8%A7%D9%84%D8%B9%D8%B1%D8%A7%D9%82%D9%8A-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 19 KB
19 KB 92ms
88ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%A7%D9%84%D8%A8%D9%86%D9%83-%D8%A7%D9%84%D9%85%D8%B1%D9%83%D8%B2%D9%8A-%D8%A7%D9%84%D8%B9%D8%B1%D8%A7%D9%82%D9%8A-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a2f962e47e4ec7e48aa29f054eae0fdf49a666d11222c3f72e04247d37a3ae9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Sat, 11 Nov 2023 20:34:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqcJqz4BKyJGbLO%2BsgDNHKRSbs8LRahe3X5WucXUf1S6T0iPnYmXbnGaxN%2F8iOHV7ZhDrYYAMCRLNzaBKMK%2FwO4hti0Dsgjr9MPEuxoR6kQVzqLgGf8crcghdzg4e93bWqc%2BWr8JdKKzBJi2JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c14bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 19386

GET
H3 200 %D8%A7%D9%84%D8%AD%D8%AF-%D8%A7%D9%84%D8%A3%D8%AF%D9%86%D9%89-%D9%84%D9%84%D8%A3%D8%AC%D9%88%D8%B1-%D9%81%D9%8A-%D9%85%D8%B5%D8%B1-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 16 KB
16 KB 105ms
101ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%A7%D9%84%D8%AD%D8%AF-%D8%A7%D9%84%D8%A3%D8%AF%D9%86%D9%89-%D9%84%D9%84%D8%A3%D8%AC%D9%88%D8%B1-%D9%81%D9%8A-%D9%85%D8%B5%D8%B1-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a195b24c93fe857115ce6c2170b8ce99da4f44daf9110842fe06fd72d19a9276

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Wed, 08 Nov 2023 00:07:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxOqX8fhJnoruUn5OsXExjn%2BAQbxMR67F6ZQg%2FEm8LmUIb4TOMXnpb3vI6YPM%2BppXTz8hMgq4UA4PvnVumr9NPqpI0qq9uaEw%2BlCAEU6BNO4EuUHRrIJa%2Fhq95IUsKAGd0X3ACoP2sF9KbER0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c15bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 16100

GET
H3 200 %D8%A7%D9%84%D8%AE%D8%A7%D8%B1%D8%AC%D9%8A%D8%A9-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 14 KB
15 KB 106ms
102ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%A7%D9%84%D8%AE%D8%A7%D8%B1%D8%AC%D9%8A%D8%A9-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9148103ca9f6c497dfde5e5342128ea3e6341e2b1469a5241947164bec5c1240

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Nov 2023 23:31:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtFiD%2BN1Ah6GaPtdX%2BkQFlHjN5SC9XceGN627F9CxKkL0iJwEWzJN5HGO5%2BiXyieuS9sOYnHvNUvmeBw%2Bu1rd5zLWwpbLzeKbTx4HnfGZO3eThDvmcAz40y42SIbf5VteMtZeD8lxYC%2F5N%2FM%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c16bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 14755

GET
H3 200 %D8%B5%D9%88%D8%B5-%D8%A7%D9%84%D8%AC%D8%A8%D9%86%D8%A9-%D8%A7%D9%84%D8%B4%D9%8A%D8%AF%D8%B1-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 13 KB
13 KB 106ms
103ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%B5%D9%88%D8%B5-%D8%A7%D9%84%D8%AC%D8%A8%D9%86%D8%A9-%D8%A7%D9%84%D8%B4%D9%8A%D8%AF%D8%B1-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f38e373a688607ccbc8503ad471aa3bb21d32725d46834eefb73980b9b83e789

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Nov 2023 23:21:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G2qBdDdaYLakObDUCeArJOf2mUW4FtR4Wk%2BCjxtOwGkLDjNz2TYOfMQcOF%2FmsyiNZ8Dhm%2FJpPgSzpxJ9jopHffdZHp%2BMCll0g21crYg9%2FAXTohyfwesazVpQQhdmKuYF%2FWbJ1obyfVXgGZ5Ljw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c17bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 13217

GET
H3 200 %D8%B3%D9%8A%D8%AF-%D8%B1%D8%AC%D8%A8-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 13 KB
13 KB 107ms
103ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D8%B3%D9%8A%D8%AF-%D8%B1%D8%AC%D8%A8-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0dd63db78cedc8bee5838a6d1944c129094c97b9fc57489f5643d6da11d7bfe5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Nov 2023 23:18:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L43%2B5ojnjDQKndra17tr0ZthaFvb5KrrFdfAXT4GgBSl4V7Togz4fjWgFcH526ZNvdV%2BoblhPH6djbC91Tt5AfYrZ9ux9Gz8wqaRnlYyN4e9gVvxZYGoMoYj73BJK%2Fho20TW7TK8nrlLC3zGpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c18bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 13219

GET
H3 200 %D9%85%D9%84%D9%81%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%D9%8A-%D8%B9%D9%84%D9%89-%D9%88%D8%A7%D8%AA%D8%B3%D8%A2%D8%A8-360x200.jpg
www.rafyon.net/wp-content/uploads/2023/11/ 9 KB
9 KB 109ms
105ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rafyon.net/wp-content/uploads/2023/11/%D9%85%D9%84%D9%81%D9%83-%D8%A7%D9%84%D8%B4%D8%AE%D8%B5%D9%8A-%D8%B9%D9%84%D9%89-%D9%88%D8%A7%D8%AA%D8%B3%D8%A2%D8%A8-360x200.jpg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cb3d35b55d42ce147dd843386871c72ad7d78bd3c60a49b1099e41881556f2b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
cf-cache-status: HIT
last-modified: Tue, 07 Nov 2023 23:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1903
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GrZZ5SyCzaCDouFX%2FRuGC5gplHs9BFDUIo4JixOKhCUQa6%2BxJWnu7uCSv5OgMTMUdIVG15Qx6UB612ZvcbxybNog8rK%2FkjH8xarb2mvoLnf2gyWrGoB99wAvaPygkOsenoqvM4L%2BG3v0QlKYkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8251dc8b7c19bb83-FRA
alt-svc: h3=":443"; ma=86400
content-length: 8714

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/ 78 KB
78 KB 56ms
31ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c3e8276a03b75d40fdbc5b40e665022127cbbd1722b6de06839ca69f664b7af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css
Origin: https://www.rafyon.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 409168
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 79444
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-13654"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ywiGBrpGIwspKYj4g7LTgK0X22lpuPo%2F4lxIzA%2B9%2F0wlIdetT0fCK4yeXBlWJfiKvdjRHi5J2o%2FiNYOu%2BJCKVICZfi6KXkDdpwhzLpmARGnSMQMofjGR%2Bup9Vw1TTHagRsY%2FhwT%2FFGyuTlPKaaY0mUWp"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8251dc8ba8f34d55-FRA
expires: Fri, 01 Nov 2024 21:27:52 GMT

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/ 75 KB
75 KB 112ms
88ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d66b4e8556dec780a3be1e72c2bacfac5f379f6977f2886254908e5f87db6bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.13.0/css/all.min.css
Origin: https://www.rafyon.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 436600
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 76612
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-12b44"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XfVkLC8TdlBWDX%2FxeTrYHeCIehR3VnTt4b5cAG%2FiCWUjdYCC0y%2B3Q5z6m87NdMJ3PNvRCp1%2F3vmPz%2B9gD1gvApIeBkaOeiIpptL36SiBo7r4KzDpiaYEuPta7XFiglFvb3H2xuvAoaluyGkFEOznZzdQ"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8251dc8ba8f44d55-FRA
expires: Fri, 01 Nov 2024 21:27:52 GMT

GET
H2 200 DroidKufi-Bold.woff2
fonts.gstatic.com/ea/droidarabickufi/v6/ 31 KB
31 KB 107ms
31ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Bold.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/earlyaccess/droidarabickufi.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31f02fb9a8ae77e5d8bb229bf73f473f783e8155042655926cafca211cd11c98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rafyon.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 18:06:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31448
x-xss-protection: 0
last-modified: Wed, 13 Aug 2014 16:50:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 10 Nov 2024 18:06:19 GMT

GET
H3 200 Greta_Arabic_Regular.otf
www.rafyon.net/wp-content/themes/newsplus/assets/fonts/ 154 KB
55 KB 107ms
105ms Font
font/otf 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-content/themes/newsplus/assets/fonts/Greta_Arabic_Regular.otf
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/wp-content/themes/newsplus/assets/fonts/fonts.css?ver=46.00
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f3825ab5a948a650d9276b8c3ed43db6f36ac1e7d150c134bc2685e537131b

Request headers

Referer: https://www.rafyon.net/wp-content/themes/newsplus/assets/fonts/fonts.css?ver=46.00
Origin: https://www.rafyon.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 10 Apr 2022 14:30:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3911
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dShCOVBXDDdym%2FnMKcRWI4GuSDNnt67XV9ALRG%2FRHLp4jRvgo%2FnQAJeeQAXHld05Jo6B65jBgstWHKskf0HI9081hSQqTRcISLmd0e7RMt2ct4bcc%2BueP%2F2JryXWYt9tpYMjnOFmAB%2Bka7eZ%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/otf
cache-control: max-age=14400
cf-ray: 8251dc8b7c1abb83-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 wp-emoji-release.min.js Show response
www.rafyon.net/wp-includes/js/ 18 KB
5 KB 121ms
120ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rafyon.net/wp-includes/js/wp-emoji-release.min.js?ver=6.3.2
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:52 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 18 Sep 2023 09:26:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2GujT3ppXP6gdl0CDcKiqqTe1FXsru4zFapYeg9KORa06vOSMLqGcXr814sMWrcOeh%2FWpseCoRdLABq%2BlvkmEz%2FD8XNQPeQ1vlhRARIjmuyukiKffEoHBIvNS6IbtzQurL%2FflwsZ4vKgafC7Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8251dc8b9c25bb83-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 f=sky
www.fontstatic.com/ Frame 1D3C 203 B
626 B 113ms
52ms Stylesheet
text/css 2606:4700:3030::ac43:9391
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fontstatic.com/f=sky
Requested by: Host: www.salaty.net
URL: https://www.salaty.net/embed.html?with-country=2&with-city=36&with-lang=ar&with-sunrise=1&with-city-desc=0&with-city-time=0&with-difference=0&with-developers=0&with-color=004040
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:9391 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0eda4cec4632f9fb08418ba565380acae7551a8939f1250f119f47d48cf959c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.salaty.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dePCj%2FGxJ4FDih7mFhybTScz0XHt65HXhFxKZquflvbKvtZarBo8HIGEiZypcJrCz%2BzXESDAzAx8r25rVJmFNUKEWHAX0CfWr2CqMB7E7FSdtkI6nu%2Fbctwn8sk%2FIhLbOcSO3gU5TNoIEunvwls8pqQ%3D"}],"group":"cf-nel","max_age":604800}
x-cache: MISS
content-type: text/css; charset=UTF-8
cf-ray: 8251dc8d3e53bba1-FRA
alt-svc: h3=":443"; ma=86400
x-proxy-cache: MISS

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 102 KB
31 KB 269ms
188ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/eea8f441-3b22-4ddb-a021-33600b968506/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69bcc20a0f78118f5bcdda4fba6598815b9c0ece19e3211f7505c6f0f8d40190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31559
x-xss-protection: 0
server: cafe
etag: 160 / 19673 / 31079510 / config-hash: 5108900474499610176
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 12 Nov 2023 21:27:53 GMT

GET
H2 200 branding-ads.svg
cdn.optad360.net/icons/ 7 KB
3 KB 114ms
22ms Image
image/svg+xml 2600:9000:206f:a200:f:a31d:75c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.optad360.net/icons/branding-ads.svg
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:a200:f:a31d:75c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d04a8585ca1c9cbff59e413fe76da6b8dcf3c567cbc68ec436b852d7f1694df1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:50:58 GMT
content-encoding: gzip
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jun 2022 12:02:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 3098216
etag: W/"b0a3aa2e09d4ddd83150d7bd3347c5c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=360000000
x-amz-cf-id: QfpmDRV84B3r6mby403psaGGe4YKyy8hib2v-e5cktiDdigLXa9dTg==

GET
H2 200 bg.png
www.salaty.net/themes/default/assets/img/ Frame 1D3C 10 KB
10 KB 28ms
27ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.salaty.net/themes/default/assets/img/bg.png
Requested by: Host: www.salaty.net
URL: https://www.salaty.net/embed.html?with-country=2&with-city=36&with-lang=ar&with-sunrise=1&with-city-desc=0&with-city-time=0&with-difference=0&with-developers=0&with-color=004040
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15efd616a12ec9db8a03a05228105267a5a6b20fa0aed22f642ad81d0c98a02b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.salaty.net/embed.html?with-country=2&with-city=36&with-lang=ar&with-sunrise=1&with-city-desc=0&with-city-time=0&with-difference=0&with-developers=0&with-color=004040
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
cf-cache-status: HIT
last-modified: Mon, 23 Dec 2019 16:13:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 987796
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JBo%2FRGQpEFfvMruHf8gqz6VVYk6D66tSmTWgkBBSphem%2BKAY4e2F92KUpKjE4g%2F4Vu9dcBvTAi%2Bz%2FKmCJ8bFyaTzFxXJSXcYhiH6fsDHrQANHqsHXDSSpgNPEtm4b%2FTkC8yj0iZiilj5tTJscA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 8251dc8d9fd1193c-FRA
alt-svc: h3=":443"; ma=86400
content-length: 9996
expires: Sat, 02 Dec 2023 11:04:36 GMT

GET
H3 200 sky.woff
www.fontstatic.com/fonts/sky/ Frame 1D3C 70 KB
70 KB 69ms
28ms Font
application/font-woff 2606:4700:3030::ac43:9391
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fontstatic.com/fonts/sky/sky.woff
Requested by: Host: www.fontstatic.com
URL: https://www.fontstatic.com/f=sky
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:9391 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a6f4f68fdea10f9ae1d3c1d858fb2dc4e361528290d4c3a9a3404db3f6afbef

Request headers

Referer: https://www.fontstatic.com/f=sky
Origin: https://www.salaty.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5174
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 18 Jul 2019 17:50:00 GMT
server: cloudflare
etag: W/"5d30b148-11764"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGEuwxUe%2BKW4noHB1AjB%2Bbg7h70TwCXK3dnNW4LEcvOcF2UDc%2FpLk7hjoNMzxkbqVD0wR5oPOs%2FT3r1pq9nNSxN4NWkC8oBRQFNS2tBPNMTBkygrlHyMe1UyL8Cm10fem6AouKCFGUuvzp3Ga9fFYrY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=432000
cf-ray: 8251dc8dec0e9220-FRA
x-proxy-cache: MISS

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/ 426 KB
134 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0691590289efab8aecb842f768940fb34fc23791ca890f77b1e6b7aeec03126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 10:40:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38835
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136626
x-xss-protection: 0
server: cafe
etag: 12374074705736737879
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 11 Nov 2024 10:40:38 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 56ms
15ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 06:38:57 GMT
content-encoding: gzip
age: 53336
x-guploader-uploadid: ABPtcPqNl0_c7mOVHVehFbpvBDCYrlpMq3zlKY0iT8ZNCSTUmKqOFKvvyge5cYXvjpEp3qctN1IhbOKtoVDeGx23F8-Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Mon, 11 Nov 2024 06:38:57 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 64ms
24ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-a9a7"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 13 Nov 2023 21:27:53 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 147 KB
32 KB 87ms
31ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b02f712bafaaaf093abcbe50187969700636642c4a9b659974eae2da90b2f914

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 09 Nov 2023 09:47:12 GMT
server: cloudflare
x-amz-request-id: 8NAY9CEP4K58PBK3
age: 3575
etag: W/"c129d5681852fdb4346e144820aba0c3"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 8251dc8ffc5d2c7e-FRA
x-amz-id-2: d0azhfnEcU/TUpFgE6nVHHy8jws3bGlEuSPwOn/rSNsneWoaCieMobIeeKsXWRJFcEYnH87HNxk=

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 341ms
28ms Script
text/javascript 2600:9000:225b:7a00:a:e047:753:a221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:7a00:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date: Sun, 12 Nov 2023 05:04:05 GMT
Via: 1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P1
Age: 59030
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: Jda8-9K01RIX2uQAe4fxXidZJNEaOd0HpQDJT5YGMv3b3snHXz8Ibg==

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 76ms
31ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 19146
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230066-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4A0in58ASRz5YReHMSM1kVqSRhwo0IbhlODz1r0uUYKVVsrwr05RLHz4%2FQlWaP8FpRtxhdfLgC6ayocMWwJC9xLNgnKj6G6qQQ9mWJD%2F8OA7Nto9KHfjEbpmM%2BvZDVrUgZlZN%2FUsZKO40qd%2B6hI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8251dc8fda3418df-FRA

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 92ms
23ms Script
text/javascript 65.9.66.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 04:25:56 GMT
content-encoding: gzip
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 147718
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=216000
x-amz-cf-id: W8tRCorJL7-tow2xSh-PyurFCSeO_WZRtKsBZTsqPVicIz8gAT1fuA==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 67ms
27ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: e6a7ab42e2a516da491761ce7945867a
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 108 KB
44 KB 795ms
794ms Fetch
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4283869649411140&correlator=548575286808983&eid=31079233%2C31079510%2C31079527&output=ldjh&gdfp_req=1&vrg=202311020101&ptt=17&impl=fif&iu_parts=121764058%3A22713825117%2Crafyon.net%2Crafyon.net_o3b_display_sf_o3b-new&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1699824473506&lmt=1699824473&adxs=436&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&vis=1&psz=0x-1&msz=728x-1&fws=644&ohw=1600&ga_vid=167110315.1699824474&ga_sid=1699824474&ga_hid=2001549091&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQYn6u8q7wxSABSAghkEhsKDGlkNS1zeW5jLmNvbRifq7yrvDFIAFICCGQSGQoKcHViY2lkLm9yZxifq7yrvDFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yn6u8q7wxSABSAghkEhcKCHJ0YmhvdXNlGJ-rvKu8MUgAUgIIZBIZCgp1aWRhcGkuY29tGJ-rvKu8MUgAUgIIZBIUCgVvcGVueBieq7yrvDFIAFICCGQ.&dlt=1699824472732&idt=732&adks=2707343403&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

475fd532f80a36494ddd71f67913b28bf62763f3d63045613f6e2bcd1f647f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:54 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44810
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.rafyon.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 68 KB
15 KB 337ms
336ms Fetch
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4283869649411140&correlator=548575286808983&eid=31079233%2C31079510%2C31079527&output=ldjh&gdfp_req=1&vrg=202311020101&ptt=17&impl=fif&iu_parts=121764058%3A22713825117%2Crafyon.net%2Crafyon.net_o3b_display_si_o3b_s1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300%7C580x100%7C600x90%7C600x200%7C640x100%7C640x200&ifi=2&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1699824473514&lmt=1699824473&adxs=823&adys=576&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&vis=1&psz=0x0&msz=300x0&fws=644&ohw=1600&ga_vid=167110315.1699824474&ga_sid=1699824474&ga_hid=2001549091&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQYn6u8q7wxSABSAghkEhsKDGlkNS1zeW5jLmNvbRifq7yrvDFIAFICCGQSGQoKcHViY2lkLm9yZxifq7yrvDFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yn6u8q7wxSABSAghkEhcKCHJ0YmhvdXNlGJ-rvKu8MUgAUgIIZBIZCgp1aWRhcGkuY29tGJ-rvKu8MUgAUgIIZBIUCgVvcGVueBieq7yrvDFIAFICCGQ.&dlt=1699824472732&idt=732&adks=3802355822&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

702662ed5ba202f0771642b44b12f7b9f04d2e1712dcccddeabc8655476e1940

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15444
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.rafyon.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 26 KB
12 KB 503ms
503ms Fetch
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4283869649411140&correlator=548575286808983&eid=31079233%2C31079510%2C31079527&output=ldjh&gdfp_req=1&vrg=202311020101&ptt=17&impl=fif&iu_parts=121764058%3A22713825117%2Crafyon.net%2Crafyon.net_o3b_display_si_o3b_s2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300%7C580x100%7C600x90%7C600x200%7C640x100%7C640x200&ifi=3&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1699824473519&lmt=1699824473&adxs=823&adys=1313&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&vis=1&psz=0x0&msz=300x0&fws=644&ohw=1600&ga_vid=167110315.1699824474&ga_sid=1699824474&ga_hid=2001549091&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQYn6u8q7wxSABSAghkEhsKDGlkNS1zeW5jLmNvbRifq7yrvDFIAFICCGQSGQoKcHViY2lkLm9yZxifq7yrvDFIAFICCGQSHQoOZXNwLmNyaXRlby5jb20Yn6u8q7wxSABSAghkEhcKCHJ0YmhvdXNlGJ-rvKu8MUgAUgIIZBIZCgp1aWRhcGkuY29tGJ-rvKu8MUgAUgIIZBIUCgVvcGVueBieq7yrvDFIAFICCGQ.&dlt=1699824472732&idt=732&adks=2974286040&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0e164a9ebb0c15e7b6f1d1b6216b21bf6d566e9d009233ffc8a9185cae227ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:54 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11898
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.rafyon.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A377 6 KB
3 KB 131ms
54ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:53 GMT
expires: Mon, 11 Nov 2024 21:27:53 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&rid=esp&cc=1

85 B
203 B

113ms
113ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&rid=esp&cc=1
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 08b3fc8ab4ac100947518d524b28e12a545832e69d38852029ee851dc837676d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:53 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-wO65NScNs6qN+JIHS8EtbXEprXs"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.rafyon.net
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sun, 12 Nov 2023 21:27:53 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.rafyon.net
location: /esp?url=https%3A%2F%2Fwww.rafyon.net%2Fread702%2F78.html%3Fhash%3DYW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw%3D&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 74C2 15 KB
6 KB 47ms
14ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=www.rafyon.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:53 GMT
server: Kestrel
server-processing-duration-in-ticks: 288020
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
230 B 80ms
22ms XHR
text/plain 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.rafyon.net/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.rafyon.net
date: Sun, 12 Nov 2023 21:27:53 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
335 B 103ms
31ms XHR
application/json 54.194.163.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.163.10 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-163-10.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: bfd2899911ac644593b3c7eca3c60296a4acc922d2d7b31aebb10ca02dd7fb7c

Request headers

Referer: https://www.rafyon.net/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:53 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://www.rafyon.net
cache-control: no-cache
x-server: 10.45.15.124
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 74C2
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=rafyon.net&sn=ChromeSyncframe&so=0&topUrl=www.rafyon.net&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=EIzUU3w3am5OWXIwajRTR1V1T3ZXUTNHK3JtVkFMZ1ZWWUIyMzlmTU4wd0dJMCtMcXVKNkpnUTRaUEMrMXp5a0UxTHVEN1ltY0RqcHVsRG8vY3kyQy9vZUF1T2k3cTZyanBvZGdtOXR0bWlnTWZIREhnSHNGVkR1WHBMej...

417 B
646 B

16ms
15ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=EIzUU3w3am5OWXIwajRTR1V1T3ZXUTNHK3JtVkFMZ1ZWWUIyMzlmTU4wd0dJMCtMcXVKNkpnUTRaUEMrMXp5a0UxTHVEN1ltY0RqcHVsRG8vY3kyQy9vZUF1T2k3cTZyanBvZGdtOXR0bWlnTWZIREhnSHNGVkR1WHBMejZxU2dCdFlGWExMMytkcFVDSFo3NlFQNFVVMkMxWG1SL2dEWmdzT1ltYUtBY0NvOWVHd3RpVDB2TTljVldBbWhTWDROd05ISWkzOFl3WlA4MGFsUERsZmdhTXhuUDZqUlVoYjhDWVV2dS9hTUJSM2lqdFVEUTVZQ1FGS2dkZEFYNWRqZVFGeGhyakhaNXN2VDNhZGtMUTBKM2gzYjJKZz09fA&cppv=2

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a18ced1ed8495346815438bdd1bd7d7d15f812cbfb087384b1a96ec18ad54a72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:53 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1289481
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:53 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=EIzUU3w3am5OWXIwajRTR1V1T3ZXUTNHK3JtVkFMZ1ZWWUIyMzlmTU4wd0dJMCtMcXVKNkpnUTRaUEMrMXp5a0UxTHVEN1ltY0RqcHVsRG8vY3kyQy9vZUF1T2k3cTZyanBvZGdtOXR0bWlnTWZIREhnSHNGVkR1WHBMejZxU2dCdFlGWExMMytkcFVDSFo3NlFQNFVVMkMxWG1SL2dEWmdzT1ltYUtBY0NvOWVHd3RpVDB2TTljVldBbWhTWDROd05ISWkzOFl3WlA4MGFsUERsZmdhTXhuUDZqUlVoYjhDWVV2dS9hTUJSM2lqdFVEUTVZQ1FGS2dkZEFYNWRqZVFGeGhyakhaNXN2VDNhZGtMUTBKM2gzYjJKZz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 215372
content-length: 0
expires: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 7D95 0
176 B 61ms
19ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Sun, 12 Nov 2023 21:27:53 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012310301456000/ Frame 5761 196 KB
56 KB 110ms
19ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 10 Nov 2023 01:33:11 GMT
age: 244482
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56081
x-xss-protection: 0
server: sffe
etag: "6a17d296884b026a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 09 Nov 2024 01:33:11 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 5761 15 KB
5 KB 143ms
53ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 09 Nov 2023 21:48:00 GMT
age: 257993
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5225
x-xss-protection: 0
server: sffe
etag: "0b7142e00666043e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 08 Nov 2024 21:48:00 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 5761 95 KB
29 KB 146ms
55ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 11 Nov 2023 02:17:33 GMT
age: 155420
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29077
x-xss-protection: 0
server: sffe
etag: "7b1f1965b6cd6fda"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 10 Nov 2024 02:17:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 5761 5 KB
2 KB 153ms
63ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 09 Nov 2023 21:19:37 GMT
age: 259696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5b0a82507b260c6e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 08 Nov 2024 21:19:37 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 5761 40 KB
13 KB 154ms
64ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 09 Nov 2023 22:30:32 GMT
age: 255441
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12952
x-xss-protection: 0
server: sffe
etag: "9817e561a46c70fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 08 Nov 2024 22:30:32 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5761 14 KB
1 KB 30ms
29ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 12 Nov 2023 21:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 12 Nov 2023 20:12:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 12 Nov 2023 21:27:53 GMT

GET
H2 200 ar.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 5761 3 KB
3 KB 71ms
23ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ar.png

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 00:42:34 GMT
x-content-type-options: nosniff
server: cafe
age: 74719
etag: 9421415325968714010
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2737
x-xss-protection: 0
expires: Mon, 13 Nov 2023 00:42:34 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 5761 344 B
714 B 66ms
18ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 06:58:21 GMT
x-content-type-options: nosniff
server: cafe
age: 52172
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Mon, 13 Nov 2023 06:58:21 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/5484163921067881511/ Frame 5761 2 KB
3 KB 67ms
21ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5484163921067881511/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25789dda889deb19cab21ecb31239ccaf76630fd5f70d27c95c2b6b99187a43c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 19:10:50 GMT
x-content-type-options: nosniff
age: 181023
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2462
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 10:53:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 09 Nov 2024 19:10:50 GMT

GET
DATA 200
OK truncated
/ Frame 5761 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6bd00a44a456f30078ee922c40a88137e17d0e3b28a6ca770ef069ed9bd44fcf

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 5761 33 KB
33 KB 31ms
30ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.rafyon.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 347162
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Nov 2024 21:01:51 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 5761
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

62ms
35ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H2
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Redirect headers

date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 container.html Show response
2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E7E8 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:53 GMT
expires: Mon, 11 Nov 2024 21:27:53 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 126C 624 B
527 B 109ms
59ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiEp7zGATAB&v=APEucNVU-VQ5Ca3cvnf-V8u7-UeQXkEgufYjB2diWF97BuDnCM_iJ5ZtTARzGIUOaGbHNivzJNxW9LHKQgO7cVRk3TfxomIPQB7OhaQKOGJmBBFINRjl0JqUdgKA2rFOQ0MJoi2fH5wfsn5r0VjzjZI43TO9sbUCQevm2lDFxw6ezhC0SHa_BkxBrAn7eYrAGvmlsvPGgvRN5kHrgFaxjmDs159LPtDAXA

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:54 GMT
expires: Sun, 12 Nov 2023 21:27:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame E7E8 89 KB
31 KB 153ms
105ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 12 Nov 2023 21:27:54 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7E8 42 B
110 B 103ms
55ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AfiCeJRlsOCLzYYPVyrkLC0Xy8eGpOJAIMYFhjHJLEki1gtsQJ9f9pwXukHz5c4x3aGNyK72EU1gUIgLEc8XfiBeMK6BCdHVzZVKVrPUYOsYsLkaI

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7E8 0
349 B 102ms
54ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18374028683195890170&x=1&ct=77

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/ Frame E7E8 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 17:30:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14221
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 17:30:53 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/ Frame E7E8 20 KB
9 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 18:27:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10799
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:27:55 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame E7E8 199 KB
63 KB 47ms
34ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b4cc063a23b35749b179b99bdb852c968aeca98886d97d6c32961edae25adff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64401
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699570296391874"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Nov 2023 21:27:54 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5761 0
0 65ms
65ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CdjUvWUNRZYuuI9f_x_AP0vSl4AvwiZeDabeimea6EZiS-IezAhABIKqAwyJgkQSgAeeCg7koyAEBqQLSS1n3nu2xPuACAKgDAcgDCqoEwgRP0EBWSP4JbZ5prYQrU787q8-3p3g7ef86PlfHgMZr0g2poxFMczxTFjjwHqsl7fGZr7g071AZz8DBt4Bf2Wb7bzGr7bWFySJayfjUsNbHfJhA0dTFwSZVcUf-TettH7ktXkMD6GZqbG-2cfeAZhs43-7-C_Jq3DrjZXck85yT6J6NdN6ezPdbT3sh1aLKtDCSaqiXXIy4h7sejCu0XRsUuBmnLHPnZeBn9V_6hjO4OU0lPXuDifxNL7WmPFfRdoshXx7_BxY0L4I-RenXwpLg1UZMMWMCseb9yIgIiy16XF_d9kXXWiLaEnQgacgMT7gnyXF_PkEYSs1DQP8j1kHTaAUraNqXSUCC4kRAptJGeeiwL_Eml3BNjrBTtWY9OQhHwC8IT7Gw59oWJ9b4M9aJzfuOzXIl-WB9KgZdVTQ0fVCe3TxkD2WHnLnvJh8wT0HZf0TkBWg9oet5hYEhxqx963f7DcOEe9XBZ8a3LOe81uBFLQ6gU87S6KqtpGMr-OXGuPj1qc63ZtNgvPDa62kXK1W2Zx3JRRVrFugEB1SSjqAg-eqJaSY_wHt0qT92oXbFOgTcOXGRJPN7hpQ1n3gQ7C588SS8xsv5NmZBsTAB9eglMlhiWY7UlS7WwGABuqGhBxaTkhKeK6FHhmuOIZTaNzFut9X4-hVgF_q_KYOfd8thw9CIym4fqqajU2_AAokVEpCyG8JxY8Omvsxnru7f-HYDI0h6jBXG5xhoSEn5gqbQzL_3IfBikZkgzyP_YOVKHMAEv5-Ihu0D4AQBiAWjlNTsPJIFBAgEGAGSBQQIBRgEgAfnutOYA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEJvLA9IIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTc5MjU2ODI5NDAyNTgwMjSaCR5odHRwczovL3d3dy5zcG90YnV5Y2VudGVyLmNvbS-ACgPICwGiDAwqCgoI5LSxAu61sQLiDRMI-O60z7O_ggMV1_8RCB1Segm82BMK0BUBgBcBshceChwIABIUcHViLTIzODIwMTI1MjI5NzkxMDgYku8h&sigh=gQd09xUS2Pk&uach_m=[]&ase=2&nis=5&cid=CAQSTwDICaaNNK_NdCoKSccf7r6fiAylsJ2T_fKcDZDSgy3TsCrCp-vHRcDU-op4m5Jv-C7at-5mTvYafVdUG11md52EVeu38zkKWrCHvmEHdSgYAQ&template_id=5001&cbvp=2
Requested by: Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 126C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1

43 B
769 B

42ms
42ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiEp7zGATAB&v=APEucNVU-VQ5Ca3cvnf-V8u7-UeQXkEgufYjB2diWF97BuDnCM_iJ5ZtTARzGIUOaGbHNivzJNxW9LHKQgO7cVRk3TfxomIPQB7OhaQKOGJmBBFINRjl0JqUdgKA2rFOQ0MJoi2fH5wfsn5r0VjzjZI43TO9sbUCQevm2lDFxw6ezhC0SHa_BkxBrAn7eYrAGvmlsvPGgvRN5kHrgFaxjmDs159LPtDAXA
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBOGrx73xWRI6hk7D77VSpuKkOsi9bKey0sKT%2BJrRAGf8RsBeUO%2BDrN%2BaH6ZxkdU0ezhsS8AJ3LhsCCHJxcWr6hGYUqdf5LvKoX8FnUr9X9m9Q65EDseow1j9pnq6TGkntnZ0cjgPlyMNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8251dc94d9b02c77-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 126C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVFDWnYHXypzGT.X5u4WZwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2

43 B
733 B

36ms
35ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiEp7zGATAB&v=APEucNVU-VQ5Ca3cvnf-V8u7-UeQXkEgufYjB2diWF97BuDnCM_iJ5ZtTARzGIUOaGbHNivzJNxW9LHKQgO7cVRk3TfxomIPQB7OhaQKOGJmBBFINRjl0JqUdgKA2rFOQ0MJoi2fH5wfsn5r0VjzjZI43TO9sbUCQevm2lDFxw6ezhC0SHa_BkxBrAn7eYrAGvmlsvPGgvRN5kHrgFaxjmDs159LPtDAXA
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZISstQdWuFjAc0BzIFpffEsebMhKIZz2Ihi6ZVb57gwNo3LjMQyHjAaf%2FVsAfCBEWYfM%2FbaenVifg4ze0oMR%2FqEzBKGE8uwElQlWEX2yw5oV5637VtAWYy5rrTcpZJUp4JOQ7jVNR2h7A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8251dc9509eb2c77-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 126C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1

43 B
835 B

13ms
13ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxiEp7zGATAB&v=APEucNVU-VQ5Ca3cvnf-V8u7-UeQXkEgufYjB2diWF97BuDnCM_iJ5ZtTARzGIUOaGbHNivzJNxW9LHKQgO7cVRk3TfxomIPQB7OhaQKOGJmBBFINRjl0JqUdgKA2rFOQ0MJoi2fH5wfsn5r0VjzjZI43TO9sbUCQevm2lDFxw6ezhC0SHa_BkxBrAn7eYrAGvmlsvPGgvRN5kHrgFaxjmDs159LPtDAXA

Protocol

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
an-x-request-uuid: 5dd779de-c227-4ab9-aec8-00f7ddde4762
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.79.98.39; 5.79.98.39; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 126C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D

170 B
409 B

40ms
29ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
an-x-request-uuid: 579736a3-5a02-41f3-a403-35af1f1b33ef
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D
x-proxy-origin: 5.79.98.39; 5.79.98.39; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7E8 0
56 B 54ms
54ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3598709792040&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7E8 0
56 B 55ms
54ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3598709792040&version=m202309260101&ct=77&x=1&cor=18374028683195890000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E7E8 20 KB
14 KB 65ms
63ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_9garDlRZNqAG891pd8A9RVFoNHALSGUeAjuJICXbf6pU9PVfCWknCdIKFv7n8eKJ61mW4-3c-1JvDW_U_R-wpn0H7hRS7lMz5zJrSTB_upzRcv-60qyNN6-w1IhOQpEYTdeih_J9UTZZ5IJS0wtj7if8iAJk1B8cNdbqMJ2LieXT5Cw&cry=1&dbm_d=AKAmf-BU15ffEsy5W_NjQbt28aUQz6X9kqdzb7ovPuUjxiVAkDTb-XZ_wFq-MEW6TLzKNABC4YcZpNA-fadSKG-yRiMcY1vGIPQBnbJAQxt4OkR0PkwuU0ARaFDXS16ewCBholK7JFtxEVoWPzrqSAT5BMJfqwlOZDf_Gdhz-QTaO1OFAFc-aeu4ym56Sfao60eK3czMNEPqR_UB3sBpvlbXjYuJSKTaPeTIM8ryuOpBtelfy6AkDnh_8lQwrKLVpyEHM_Gs1it02cZ3xQs21ao7OuVeIcq80HHKwZIeyw4I1KK7Yj-_z8Bvf3k2CzNiRAeHCLj2BhCLp_aIIcN0lf4J3--ORYvcjR453FUcLVLWofmOrEdeXXxSQ0BtYujLNZ4fCOIskmiYAFrwaJe47iT-dDmAnTFKyHanOO1rNHre2_v7aGUKkLX4TonA2sywLV54WJLsJVmW_kqWMMs6vYBumaLN2PPWw-rd_XAEW-x4zpGqRjdsq23tOBt8lBsYZRer8ikR7KGQ8p6PsQY22WhM0f6nKP7sCLbuv1eKNjTAlaEIfbNTrVaqGG1Tf9ccgX9F7CuZjU0KfvVN5-o6s3yuvz8BvJh-hfcS5l7vJtc3_OFdhNxvpEMk7ivRv91p1SwC2Wak9q3PdSj20_lKMrPufXyFw9Rpij9ffMVeU_MeCA6NIQGwJs1mz9jM22VrkgxJJAS4mF08TqWLzk9qLPUylvty7Ol90B2-vzaUZYomoeZNLYiUl_jTB06hW5en2AbfDJxMeymHZTzAc-p_xjDHCRoghC4EVlgJ6de0OTzO3U6xaloBK2YSq8zq1Fl1TKNRB94Tht5cohwfRwvLm_xN-eEWmb8rdBTu6CWs0QzB_eOVbbif6YBr9N7g0egc9M9wkMZLGsAzxSOOU58dMRLB5ywOnVmL6IwgR6Kzq3nKyHJqeez_DIgzB8gpTY5lW5Zz3Fiyigxo3vj9GlTAOVx4YrRzejwmeVPHQkOm-BTMXgZi4IgP1N8vMFB8Mzsm7C7646_UJ9Nmf9hfG56b3ApuBWrhCHzoiwQ2XEFudh81fx5V4x4j2B2huJ2pMHPtiAQoX_vPXOhflxnc_nMOOvvI7bAMqw-6EK0cF7eiShU6g8dkl-nI6f2pCtLwkfHvCeSV4ozD3zsBpwNIInOsihquTpSISAX9zjSGSwDVNFny_xdY0omlyj0MbPRr4wYFYDXWAvBuARLdnWvuR3WkDVvFEhIrAKfUzZcbKegRX8sY0Vq4pNDYvuFjTggkiCvkBkERqWsEcacywr5ES8n6sVqFIwGxy7mupxdBZwble03PnCsYO-8V097PXqUN2mDgs9JBv2ZCST5ofCdK85Qnuc2EojYSoT7PhLz29q7RbnpB5qsfuvWb9e26QqogT6zI3ocV3yOkMAJUrk70mijSFIG0qtHk1uQG5JkgXfUM0k8n_VgIIOtdhtbOJz4L0-RwL3s9dWDsOUuZn3VDrvVcbllyOADHIM1eR_ImQXNfwv4ThQlOQJGqjZTgnwiwCx5bqnPoMxbqhd5DkXfeQpc1hOZn6traJQIrlLGj37tpC4wcwfLC4isvhe-0-ZlxyshiqhdA8nJb7FF7W6W6lPpnHhGMwyTjdWQ_KYjPxVqejt5BNRLqTA_40jhU4Rzal2sWz5pu5wxcuo-L6SGh3Q916vVTlzfdeW5Ho1vc-P_sISr42LTzFXxRDLjwoinRen0yPkbXFgkKIxKSGDfaC0BmW5QMX5GH1NuFVxZ_gypYD62gtqd5xXyOz3QBVzKOK4VAWXMUT6PhJQ66J4bbT9yuLtFqWqq4RB3b9gPRR_1gpkdUwOhmFOPuebOMmUVrLFim-IB5HDtzCCyd8yEYFja1B7BErTMZzLR2-BHHb78iqnlvUOh1BgeQaZ_ZvgbRoAE25O7-MfjvazoJIIm5sks5Q72n2bcoPVBjUAB5IGv4y7UxqvKqWF5fJf72-5YIEcB-N1XrbnKZKLXfPLKfJzK2xEodcuXR4WnUaoyGogaV9cw6BplxDIwkkZbDLcbredb5lFgfiiX4v4tZonqcvjVyogXQrflflbJd_9QhRmZRX_Y4yeqlnuq3rQCTbZaxc4WpMxYnz08V7ODCIs4EJszvDP5NTS6Ynm8toFkc-gEcbw7h1OwxztkXQmcXyXz4s51XLGsnRm9E4gqGuDwxvFgkwnAt-dHJ7SV_v4ww7YioTVPbUip4nlryZwM-xdSpL64l-RmOwE13HKvLONaFck9dxOtMKgVYhRVw3H3P3zLLSAMu94oSoN3P83QsI7dFYz6LeL60xiaIA1lnNyMHckQAi0XUmjP8wjdBRVnWOHJhXM5xKs3mk7GAIDSI6dtJeBP_t12s3zpaUSycHhdolpejCHt1reUuIwYxunde2SKrKj9Ixw7TB3dy5R0BmmsqXThsdw2YxTPZALcL8sonRPgwn7-IYcBMU8dVovNgAUPRQubv4CMJws8BQoGE_5bR4Px4VdtuvZjWvfEEAqQL-n-nBY5J60vX51m81d0eJJgbWuohVwAcc_GziHp2Dgai0-QhSrgCFhjDTbJrqdQwWmktLDoLmNBDpuOnEc9lSUd-rsWgxtKb9uq7ZMJ_snZDA-4-nDUlBu6EQbEPJ1bHS59ziKpP1WVFcYekI_4NyZXlMtFrl_zvsVxt9qvZDFYZoVc1mkvRmb45YK07_oKCxWreU-wI9n79vms7pIqWLrk4P5hEOOWO1lra4FJkUxroOEE9vguQ0aNZxYwvPLqUD_wPDXkhjoNIM40_XEx_02_YjFYASicqdXqB0YncCR0Xbkl5TjLEPzZuBcXdbQXp_jppBjX8zYU1nNfq2fuIqhHdb-cVtPcKsHgheEdIWaxPmGJ8H2ZAGvea7CXaWCRfUWr2vv5Ly2YzXi8Y87ggYip5WIRHfbypIbr25H1Cn1H82Wj7rSHlNpm4qpUooEi8AsC3TL0Y-QhwBeqE8xbQkCbO-str05R0VWoNy-8S0bSd2on4tp5K0cJQ1utdfYK4ILEud2b1pOYwgdGABUuB0JregLmRXerYZPW3d-acfh2miQT7T15_uph1mJ1s9GVWx1ndk1KyF6z-iCMBZWYFevPGSfvwhjI56qJe8LRVls9W5cfDn6kl6U6ZKZmodLGOG7E-Jkn6thNAwa4OZ9xeFBaVsPSuPlmYZvFjzl8NNgS-7bVgd2tAQUFKDhEM6v-tGun42JofFK1shcTkFKz6y6_IGD9a15L5eiH2Xz28EY-1oEvPahyfwo-slenGvL5G2ItDMxm_qmtbap_xUlBjjzUkfpGQ3yKKQGlfcMNwdsBHCq4j_7hb9rPmuEZKf3bxOqdK9fW2FS_-gKOXK5Jv3zi9a-ptfpy05V6NGErmbFr3g0xN30iyewaqhiP2hY1PS6xaGfRYYDV_MUwmpQ7gBY40XuCTmFenSs05ob_H6GVPCkrKl3wvbpswMNUIV1Iv5mEaKlk107Pxki3iNVZ3UYvf-Kqn4DqW5jLBMDZDjqD0LrfnCBXuDECVpkjsahzXYIZ2e-Ig3MDVJ3prEcxD5qH8ujy16ZMb3Vcf17rsekTuIbiKXSgRN0fzlkOL8aekaj0-uJb0qNkrPjG2176sohRM1XYNdmAh2r-fBFj_NduUAjrMGNlSc0SA7sim5UDq4yxnRX20AxqBZS4Z3jFL9_xaFBOL1SpZcg5oUSJF75WKK8snut5KYmg9sNP8osoOaN5-rYiVzMuA1PSP5MUW8-ysWhKPilIU0Y57asY1c1PBur8uYq7gKheEVwzyVy8hIiPMurrc3lpuzWVSJ_rsPwcNyF--opAMXngP7cpzhWYjVFQxW7cgHwVct-vdgBZI0SGlo16kbdqNaIh7RE7z6D4MImi-yIYY67b63zeLiWBhagd0xUe6zKSR9sy86B0_27frkBhvYEMVhSDeq-8eeOBAQjH-znCeFtfpgKwej0Sy1dHdk9tjcTyHrMczjBsTMHfgSFVjw8W2cfFzbDP0EH7XIqgOJMcRcyyT20Cs8LgNqgaih27sfWkrl9x78VPyEjcmgwJa2C07owQc6pb2IFiJjP0jnXnvVqbxqyiB4PqzNdt3zXRzy9rnrqM_JmKj38JBp9slTDqc88QjrdUBfAN-jX5WWBpYBsxyN8jppUas-gQsxq8LWvqHNtka-QKADtntDXQsHxY7iKV1xkYe0DPV4wz9Amie-y8WNxIpy1J-PiDkmcbWDpg27vEjTgmd0MogroidnQ3kg5_AJjhmiRAudJ6UTJFx0ilZmIW5pxtZC_mOESebhcrihJTuZBthkv7m3ea-NnPacXZZmMK7qNgkOvtxUnoH4hXmILbq50VhD8mKJTYY0gPoSLDYZn_i8E2AOf7_WvVbIUKrnlgTlOQ_s_GZwoLkoxeqcIMw5cyxhh5zc588o2OnUZqATb3pRyfLqFrxRuBJORYzxA&cid=CAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.rafyon.net%2F&ds=l&xdt=1&iif=1&cor=18374028683195890000&adk=2228999115&idt=166&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c00e3cf2c18c9259b4ee51adf37fa8f416a6a35201b2b9c2aa5f7457cdcb428

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13846
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 73ED 6 KB
3 KB 21ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:53 GMT
expires: Mon, 11 Nov 2024 21:27:53 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F95E 624 B
245 B 70ms
70ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLWwChCPwUUYvcWc5QEwAQ&v=APEucNUD29FrLvrn8FFt9N8Vd5u7nxRcB3ocgAvToyz1cqdML-0qKm6kAHixjVJJeingClujR74_y-bOM8S-8QNoHk7CDo_hNgChA7JldNQS1SrkOGB8sRnSfBEu9mOdm8ZjYhe8vRT44jPY0YU1UStN4uKASbCKpwcqDUvQIQte7Pkx9uTG524yvaIuBNJoIfFCXBhnwxHP5eoE2wEF0Glnu5kr939Kqg

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:54 GMT
expires: Sun, 12 Nov 2023 21:27:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 73ED 111 KB
39 KB 95ms
20ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Origin: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 05:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56624
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 13 Nov 2023 05:44:10 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231108/r20110914/elements/html/ Frame 73ED 7 KB
3 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231108/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 18:31:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10579
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:31:35 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231108/r20110914/ Frame 73ED 23 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231108/r20110914/abg_lite_fy2021.js

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 18:19:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11317
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9286
x-xss-protection: 0
server: cafe
etag: 5170786266788330719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:19:17 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 73ED 41 KB
14 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 05:44:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 229423
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Nov 2024 05:44:11 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/ Frame 73ED 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 17:30:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14221
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 17:30:53 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/ Frame 73ED 20 KB
8 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231108/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 18:27:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10799
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 18:27:55 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73ED 42 B
63 B 53ms
53ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CsMM0W5qFXINhlexOGNjQrPICnFa8fVcXB7itluW2H3I-uiM7FJITVbPid4vnLN35HsKbMTcTpUZPS0Ks4IfWVzVTahr1AJr5K8pt40ckW-ZiHenM

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 73ED 199 KB
63 KB 99ms
99ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b4cc063a23b35749b179b99bdb852c968aeca98886d97d6c32961edae25adff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64401
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699570296391874"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Nov 2023 21:27:54 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame E7E8 41 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_9garDlRZNqAG891pd8A9RVFoNHALSGUeAjuJICXbf6pU9PVfCWknCdIKFv7n8eKJ61mW4-3c-1JvDW_U_R-wpn0H7hRS7lMz5zJrSTB_upzRcv-60qyNN6-w1IhOQpEYTdeih_J9UTZZ5IJS0wtj7if8iAJk1B8cNdbqMJ2LieXT5Cw&cry=1&dbm_d=AKAmf-BU15ffEsy5W_NjQbt28aUQz6X9kqdzb7ovPuUjxiVAkDTb-XZ_wFq-MEW6TLzKNABC4YcZpNA-fadSKG-yRiMcY1vGIPQBnbJAQxt4OkR0PkwuU0ARaFDXS16ewCBholK7JFtxEVoWPzrqSAT5BMJfqwlOZDf_Gdhz-QTaO1OFAFc-aeu4ym56Sfao60eK3czMNEPqR_UB3sBpvlbXjYuJSKTaPeTIM8ryuOpBtelfy6AkDnh_8lQwrKLVpyEHM_Gs1it02cZ3xQs21ao7OuVeIcq80HHKwZIeyw4I1KK7Yj-_z8Bvf3k2CzNiRAeHCLj2BhCLp_aIIcN0lf4J3--ORYvcjR453FUcLVLWofmOrEdeXXxSQ0BtYujLNZ4fCOIskmiYAFrwaJe47iT-dDmAnTFKyHanOO1rNHre2_v7aGUKkLX4TonA2sywLV54WJLsJVmW_kqWMMs6vYBumaLN2PPWw-rd_XAEW-x4zpGqRjdsq23tOBt8lBsYZRer8ikR7KGQ8p6PsQY22WhM0f6nKP7sCLbuv1eKNjTAlaEIfbNTrVaqGG1Tf9ccgX9F7CuZjU0KfvVN5-o6s3yuvz8BvJh-hfcS5l7vJtc3_OFdhNxvpEMk7ivRv91p1SwC2Wak9q3PdSj20_lKMrPufXyFw9Rpij9ffMVeU_MeCA6NIQGwJs1mz9jM22VrkgxJJAS4mF08TqWLzk9qLPUylvty7Ol90B2-vzaUZYomoeZNLYiUl_jTB06hW5en2AbfDJxMeymHZTzAc-p_xjDHCRoghC4EVlgJ6de0OTzO3U6xaloBK2YSq8zq1Fl1TKNRB94Tht5cohwfRwvLm_xN-eEWmb8rdBTu6CWs0QzB_eOVbbif6YBr9N7g0egc9M9wkMZLGsAzxSOOU58dMRLB5ywOnVmL6IwgR6Kzq3nKyHJqeez_DIgzB8gpTY5lW5Zz3Fiyigxo3vj9GlTAOVx4YrRzejwmeVPHQkOm-BTMXgZi4IgP1N8vMFB8Mzsm7C7646_UJ9Nmf9hfG56b3ApuBWrhCHzoiwQ2XEFudh81fx5V4x4j2B2huJ2pMHPtiAQoX_vPXOhflxnc_nMOOvvI7bAMqw-6EK0cF7eiShU6g8dkl-nI6f2pCtLwkfHvCeSV4ozD3zsBpwNIInOsihquTpSISAX9zjSGSwDVNFny_xdY0omlyj0MbPRr4wYFYDXWAvBuARLdnWvuR3WkDVvFEhIrAKfUzZcbKegRX8sY0Vq4pNDYvuFjTggkiCvkBkERqWsEcacywr5ES8n6sVqFIwGxy7mupxdBZwble03PnCsYO-8V097PXqUN2mDgs9JBv2ZCST5ofCdK85Qnuc2EojYSoT7PhLz29q7RbnpB5qsfuvWb9e26QqogT6zI3ocV3yOkMAJUrk70mijSFIG0qtHk1uQG5JkgXfUM0k8n_VgIIOtdhtbOJz4L0-RwL3s9dWDsOUuZn3VDrvVcbllyOADHIM1eR_ImQXNfwv4ThQlOQJGqjZTgnwiwCx5bqnPoMxbqhd5DkXfeQpc1hOZn6traJQIrlLGj37tpC4wcwfLC4isvhe-0-ZlxyshiqhdA8nJb7FF7W6W6lPpnHhGMwyTjdWQ_KYjPxVqejt5BNRLqTA_40jhU4Rzal2sWz5pu5wxcuo-L6SGh3Q916vVTlzfdeW5Ho1vc-P_sISr42LTzFXxRDLjwoinRen0yPkbXFgkKIxKSGDfaC0BmW5QMX5GH1NuFVxZ_gypYD62gtqd5xXyOz3QBVzKOK4VAWXMUT6PhJQ66J4bbT9yuLtFqWqq4RB3b9gPRR_1gpkdUwOhmFOPuebOMmUVrLFim-IB5HDtzCCyd8yEYFja1B7BErTMZzLR2-BHHb78iqnlvUOh1BgeQaZ_ZvgbRoAE25O7-MfjvazoJIIm5sks5Q72n2bcoPVBjUAB5IGv4y7UxqvKqWF5fJf72-5YIEcB-N1XrbnKZKLXfPLKfJzK2xEodcuXR4WnUaoyGogaV9cw6BplxDIwkkZbDLcbredb5lFgfiiX4v4tZonqcvjVyogXQrflflbJd_9QhRmZRX_Y4yeqlnuq3rQCTbZaxc4WpMxYnz08V7ODCIs4EJszvDP5NTS6Ynm8toFkc-gEcbw7h1OwxztkXQmcXyXz4s51XLGsnRm9E4gqGuDwxvFgkwnAt-dHJ7SV_v4ww7YioTVPbUip4nlryZwM-xdSpL64l-RmOwE13HKvLONaFck9dxOtMKgVYhRVw3H3P3zLLSAMu94oSoN3P83QsI7dFYz6LeL60xiaIA1lnNyMHckQAi0XUmjP8wjdBRVnWOHJhXM5xKs3mk7GAIDSI6dtJeBP_t12s3zpaUSycHhdolpejCHt1reUuIwYxunde2SKrKj9Ixw7TB3dy5R0BmmsqXThsdw2YxTPZALcL8sonRPgwn7-IYcBMU8dVovNgAUPRQubv4CMJws8BQoGE_5bR4Px4VdtuvZjWvfEEAqQL-n-nBY5J60vX51m81d0eJJgbWuohVwAcc_GziHp2Dgai0-QhSrgCFhjDTbJrqdQwWmktLDoLmNBDpuOnEc9lSUd-rsWgxtKb9uq7ZMJ_snZDA-4-nDUlBu6EQbEPJ1bHS59ziKpP1WVFcYekI_4NyZXlMtFrl_zvsVxt9qvZDFYZoVc1mkvRmb45YK07_oKCxWreU-wI9n79vms7pIqWLrk4P5hEOOWO1lra4FJkUxroOEE9vguQ0aNZxYwvPLqUD_wPDXkhjoNIM40_XEx_02_YjFYASicqdXqB0YncCR0Xbkl5TjLEPzZuBcXdbQXp_jppBjX8zYU1nNfq2fuIqhHdb-cVtPcKsHgheEdIWaxPmGJ8H2ZAGvea7CXaWCRfUWr2vv5Ly2YzXi8Y87ggYip5WIRHfbypIbr25H1Cn1H82Wj7rSHlNpm4qpUooEi8AsC3TL0Y-QhwBeqE8xbQkCbO-str05R0VWoNy-8S0bSd2on4tp5K0cJQ1utdfYK4ILEud2b1pOYwgdGABUuB0JregLmRXerYZPW3d-acfh2miQT7T15_uph1mJ1s9GVWx1ndk1KyF6z-iCMBZWYFevPGSfvwhjI56qJe8LRVls9W5cfDn6kl6U6ZKZmodLGOG7E-Jkn6thNAwa4OZ9xeFBaVsPSuPlmYZvFjzl8NNgS-7bVgd2tAQUFKDhEM6v-tGun42JofFK1shcTkFKz6y6_IGD9a15L5eiH2Xz28EY-1oEvPahyfwo-slenGvL5G2ItDMxm_qmtbap_xUlBjjzUkfpGQ3yKKQGlfcMNwdsBHCq4j_7hb9rPmuEZKf3bxOqdK9fW2FS_-gKOXK5Jv3zi9a-ptfpy05V6NGErmbFr3g0xN30iyewaqhiP2hY1PS6xaGfRYYDV_MUwmpQ7gBY40XuCTmFenSs05ob_H6GVPCkrKl3wvbpswMNUIV1Iv5mEaKlk107Pxki3iNVZ3UYvf-Kqn4DqW5jLBMDZDjqD0LrfnCBXuDECVpkjsahzXYIZ2e-Ig3MDVJ3prEcxD5qH8ujy16ZMb3Vcf17rsekTuIbiKXSgRN0fzlkOL8aekaj0-uJb0qNkrPjG2176sohRM1XYNdmAh2r-fBFj_NduUAjrMGNlSc0SA7sim5UDq4yxnRX20AxqBZS4Z3jFL9_xaFBOL1SpZcg5oUSJF75WKK8snut5KYmg9sNP8osoOaN5-rYiVzMuA1PSP5MUW8-ysWhKPilIU0Y57asY1c1PBur8uYq7gKheEVwzyVy8hIiPMurrc3lpuzWVSJ_rsPwcNyF--opAMXngP7cpzhWYjVFQxW7cgHwVct-vdgBZI0SGlo16kbdqNaIh7RE7z6D4MImi-yIYY67b63zeLiWBhagd0xUe6zKSR9sy86B0_27frkBhvYEMVhSDeq-8eeOBAQjH-znCeFtfpgKwej0Sy1dHdk9tjcTyHrMczjBsTMHfgSFVjw8W2cfFzbDP0EH7XIqgOJMcRcyyT20Cs8LgNqgaih27sfWkrl9x78VPyEjcmgwJa2C07owQc6pb2IFiJjP0jnXnvVqbxqyiB4PqzNdt3zXRzy9rnrqM_JmKj38JBp9slTDqc88QjrdUBfAN-jX5WWBpYBsxyN8jppUas-gQsxq8LWvqHNtka-QKADtntDXQsHxY7iKV1xkYe0DPV4wz9Amie-y8WNxIpy1J-PiDkmcbWDpg27vEjTgmd0MogroidnQ3kg5_AJjhmiRAudJ6UTJFx0ilZmIW5pxtZC_mOESebhcrihJTuZBthkv7m3ea-NnPacXZZmMK7qNgkOvtxUnoH4hXmILbq50VhD8mKJTYY0gPoSLDYZn_i8E2AOf7_WvVbIUKrnlgTlOQ_s_GZwoLkoxeqcIMw5cyxhh5zc588o2OnUZqATb3pRyfLqFrxRuBJORYzxA&cid=CAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.rafyon.net%2F&ds=l&xdt=1&iif=1&cor=18374028683195890000&adk=2228999115&idt=166&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 05:44:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 229423
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Nov 2024 05:44:11 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTgyNDQ3NDMzNjI4MQogIHNlcnZlcl9pcDogMTI2MDY3NjEyCiAgcHJvY2Vzc19pZDogMTg0NTgxNjEwMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame E7E8 0
940 B 167ms
69ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTgyNDQ3NDMzNjI4MQogIHNlcnZlcl9pcDogMTI2MDY3NjEyCiAgcHJvY2Vzc19pZDogMTg0NTgxNjEwMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA3ODMwNzU4MDA2OTAyODc2MzE3CmRlYnVnX2tleTogMTA3NDgyODc4MDYwNDk2NTYwNTkKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTEyIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIyMDU3NzMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjYzODMwMjEwMQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIyNDEzMgogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3NTQ5NzQ3MjAK

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xd45375a1cf275cd30000000000000000","13":"0x2f6526b76dc885220000000000000000","14":"0xc36f89d413b1b8a30000000000000000","15":"0x1143516144003b7b0000000000000000"},"debug_key":"10748287806049656059","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"7830758006902876317"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 6zpgftvkkw73 Show response
hal9000.redintelligence.net/zone/ Frame E7E8 12 KB
4 KB 80ms
25ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/6zpgftvkkw73?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCXbCOWUNRZdOxMZDggAeLraqQC8z5hqBp273H__cP8C4QASCqgMMiYJEEyAEJqQLSS1n3nu2xPqgDAcgDmwSqBJcCT9C5Legf9Pc61IQGZJ3sA8wnGJZxXgl25UUjWJvnxi8MhHNHMCfoDZWmMS5Cbs9VhynWoh4_4pwsvwBEPo8UJyYMTarg-KhmAU0mONT9HHYA1YA2I_Y6_8ppMdc88MZgZNugd4uBNoL__Lk4vqjwGT5RQUUi2cQT6-M5ZhCLZ6b_iMpFSH2-gYNEYWQp3GzxMLD26mLAyKKx8cio_O27zlBrKP2sk_BnInyELUIavPFFKzg52I1YMbX7umYxi3n-4rv8cQtK-OW0X0UHo_78sd88mVAda--2nImbqVE_WDof7XqD9aUcwN6Chv-UBbQZ0dKgMNcAyMFJt-OKcsaY66enIBlUNGU8U9hIDdAhnnGVYZQEzgCxwATq68yj5APgBAOIBZWv4f09kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03OTI1NjgyOTQwMjU4MDI0gAoDmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CTkziDRMIhPi0z7O_ggMVEDDgCh2LlgqysBPgm80O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ%26sig%3DAOD64_0ai5lDpZFATVbDZzpHz4D5Vk5o1Q%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-CCmgLU0y8G6gz7MXKoHP7TSHVsTBT0RTK7Z_CQNLx_tw6ylJRU82X0tzkB0r_2gqsQ109k20Mt-ReIawepPkIJYdeEvM1u0-2q9CQG7LgSaUm_rao73_V8F903qCKO8h2qWkKdHauPce1Q4FHzdz7XZIxc8zRTIZLbaz5j7ZM2-DGIB4g%26cry%3D1%26dbm_d%3DAKAmf-CawW9QCeL-PhUNMgVAw3A-8MyzvNLHFZhuL8ntaM7UZFtsB9oy6aAK0K0t1Cf1B_DwpJ8eavlCF2CTZsfB3M-sbItdP4oIJ7L2_uGDIGIus_98Ob4rIgz4s4a4Jvgqi-0GC700Txumw9PNgEHM8U-8U5WVPKyWn-EpzIRKgblNNjpq85cxemfYFJv08PTePaV0-gV-fPlKDRBZi9YbUqFce3780gcWRXWnqF709zCDv7M6CKY6ehFwScxddbfc26cMS423yS1ON69_T_YoewIdoTLg7MBKIm-bmUgewa_kcyKoKS01lZ9LcUM9k0GunVObbOZCGQmSWAWTdQ0CHMGg4eTDYz28cPA4dSGhT0d1zmZ4x60XgyvulHK55VOb0GfF3ADwK1oigQW5Vw7z-3dSUHWdAxHi51PWflVhywrj-R2v3yUGQXcmUNEjlfgtPDMuHyFJIFmca9LJSoqjILl6Z9DGJn43Aaze-MqoLuEhEwADuydLP2hrnVEq6bFqN4TYe4TP7wQI9VfmXBBDnCHSirGlEV2o7m7-odFmSCzQR2uRYdEO4cyGboD5-TACD4kG2DTsTYxwCshDvrFcJawoWhpenQCcdHuoN8PbLp0C2kkLF7TVKI8OcBVv-P7UKauDYkWfnJFlmtwgN92I7Y-oUBZ2833XDBr8ovqWWWEH3cW7ADY%26adurl%3D
Requested by: Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 1aae9f898179597d40812a0689b3c6b8cd94b7de9eaed27262199393981207ae

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sun, 12 Nov 2023 21:27:54 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4344
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 41EC 38 KB
13 KB 19ms
19ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 335152
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 09 Nov 2023 00:22:02 GMT
expires: Fri, 08 Nov 2024 00:22:02 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73ED 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=44&d=1&s=1&f=0.01&bgai=BDevtWkNRZetC2ZGBB4OUnPgIAAAAADgB4AQC

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 84C4 38 KB
13 KB 20ms
19ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 335152
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 09 Nov 2023 00:22:02 GMT
expires: Fri, 08 Nov 2024 00:22:02 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 73ED 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a424af0227b9f4d0d456c19cafa6c3894c9d16353289ac5f0fc2d0409dc0a9de

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F95E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1

43 B
735 B

35ms
34ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLWwChCPwUUYvcWc5QEwAQ&v=APEucNUD29FrLvrn8FFt9N8Vd5u7nxRcB3ocgAvToyz1cqdML-0qKm6kAHixjVJJeingClujR74_y-bOM8S-8QNoHk7CDo_hNgChA7JldNQS1SrkOGB8sRnSfBEu9mOdm8ZjYhe8vRT44jPY0YU1UStN4uKASbCKpwcqDUvQIQte7Pkx9uTG524yvaIuBNJoIfFCXBhnwxHP5eoE2wEF0Glnu5kr939Kqg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53J7yniN6H%2BhbcLz3L4%2BRivRo4C8kMMg%2BxOzo8ZsrqNVwPgQ85wXsWzlVr4HyuW2MfX1sn6fln9vXIRkfrmYHfJqyyCC9cXUTi3nh7g6o9uVBnaMBWsOQxWnss141f6hM%2Bkd0kQ3wALK0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8251dc959aae2c77-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F95E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVFDWnYHXypzGT.X5u4WZwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2

43 B
739 B

33ms
33ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLWwChCPwUUYvcWc5QEwAQ&v=APEucNUD29FrLvrn8FFt9N8Vd5u7nxRcB3ocgAvToyz1cqdML-0qKm6kAHixjVJJeingClujR74_y-bOM8S-8QNoHk7CDo_hNgChA7JldNQS1SrkOGB8sRnSfBEu9mOdm8ZjYhe8vRT44jPY0YU1UStN4uKASbCKpwcqDUvQIQte7Pkx9uTG524yvaIuBNJoIfFCXBhnwxHP5eoE2wEF0Glnu5kr939Kqg
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSRUZf2rCKpN1p%2BXObOk61JoF8gSm%2B7iU9%2FvTlVVWZT%2B3reon7XpM1mwBCt5FavEhAAzzAWgCoAj6oqeLFmTNsLe293MnAmZgENLFcNUz3u7WsFFwmTiiWMNQ5RhJDpxc4afOkh2%2B%2Fqlmw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8251dc95eaf92c77-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPd32ZYSw99VqnCdgyZbwqw&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F95E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1

43 B
836 B

14ms
12ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLWwChCPwUUYvcWc5QEwAQ&v=APEucNUD29FrLvrn8FFt9N8Vd5u7nxRcB3ocgAvToyz1cqdML-0qKm6kAHixjVJJeingClujR74_y-bOM8S-8QNoHk7CDo_hNgChA7JldNQS1SrkOGB8sRnSfBEu9mOdm8ZjYhe8vRT44jPY0YU1UStN4uKASbCKpwcqDUvQIQte7Pkx9uTG524yvaIuBNJoIfFCXBhnwxHP5eoE2wEF0Glnu5kr939Kqg

Protocol

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
an-x-request-uuid: fb92388f-fd29-463d-abab-9d8a39d9553a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.79.98.39; 5.79.98.39; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEP2YUVW85BNMlfB9uuNpN34&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F95E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D

170 B
232 B

29ms
29ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
an-x-request-uuid: a384e665-eabb-4758-91fa-1d55324abf80
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjI4MDkwNTM4Njc2NjI0MTM3Mg%3D%3D
x-proxy-origin: 5.79.98.39; 5.79.98.39; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 41EC 39 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 13:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Nov 2024 13:20:20 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 84C4 39 KB
15 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 13:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29254
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Nov 2024 13:20:20 GMT

GET
H/1.1

200
OK

request.php Show response
hal90002.redintelligence.net/ Frame E7E8
Redirect Chain

https://hal90002.redintelligence.net/request.php?zone=6zpgftvkkw73&nw=20&renderingType=javascript&namespace=195daedd10&subid=&uid=2f706b74a75e9350&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90002.redintelligence.net/request.php?zone=6zpgftvkkw73&nw=20&renderingType=javascript&namespace=195daedd10&subid=&uid=2f706b74a75e9350&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

2 KB
1 KB

136ms
92ms

Script
application/x-javascript

46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request.php?zone=6zpgftvkkw73&nw=20&renderingType=javascript&namespace=195daedd10&subid=&uid=2f706b74a75e9350&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCXbCOWUNRZdOxMZDggAeLraqQC8z5hqBp273H__cP8C4QASCqgMMiYJEEyAEJqQLSS1n3nu2xPqgDAcgDmwSqBJcCT9C5Legf9Pc61IQGZJ3sA8wnGJZxXgl25UUjWJvnxi8MhHNHMCfoDZWmMS5Cbs9VhynWoh4_4pwsvwBEPo8UJyYMTarg-KhmAU0mONT9HHYA1YA2I_Y6_8ppMdc88MZgZNugd4uBNoL__Lk4vqjwGT5RQUUi2cQT6-M5ZhCLZ6b_iMpFSH2-gYNEYWQp3GzxMLD26mLAyKKx8cio_O27zlBrKP2sk_BnInyELUIavPFFKzg52I1YMbX7umYxi3n-4rv8cQtK-OW0X0UHo_78sd88mVAda--2nImbqVE_WDof7XqD9aUcwN6Chv-UBbQZ0dKgMNcAyMFJt-OKcsaY66enIBlUNGU8U9hIDdAhnnGVYZQEzgCxwATq68yj5APgBAOIBZWv4f09kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03OTI1NjgyOTQwMjU4MDI0gAoDmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CTkziDRMIhPi0z7O_ggMVEDDgCh2LlgqysBPgm80O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ%26sig%3DAOD64_0ai5lDpZFATVbDZzpHz4D5Vk5o1Q%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-CCmgLU0y8G6gz7MXKoHP7TSHVsTBT0RTK7Z_CQNLx_tw6ylJRU82X0tzkB0r_2gqsQ109k20Mt-ReIawepPkIJYdeEvM1u0-2q9CQG7LgSaUm_rao73_V8F903qCKO8h2qWkKdHauPce1Q4FHzdz7XZIxc8zRTIZLbaz5j7ZM2-DGIB4g%26cry%3D1%26dbm_d%3DAKAmf-CawW9QCeL-PhUNMgVAw3A-8MyzvNLHFZhuL8ntaM7UZFtsB9oy6aAK0K0t1Cf1B_DwpJ8eavlCF2CTZsfB3M-sbItdP4oIJ7L2_uGDIGIus_98Ob4rIgz4s4a4Jvgqi-0GC700Txumw9PNgEHM8U-8U5WVPKyWn-EpzIRKgblNNjpq85cxemfYFJv08PTePaV0-gV-fPlKDRBZi9YbUqFce3780gcWRXWnqF709zCDv7M6CKY6ehFwScxddbfc26cMS423yS1ON69_T_YoewIdoTLg7MBKIm-bmUgewa_kcyKoKS01lZ9LcUM9k0GunVObbOZCGQmSWAWTdQ0CHMGg4eTDYz28cPA4dSGhT0d1zmZ4x60XgyvulHK55VOb0GfF3ADwK1oigQW5Vw7z-3dSUHWdAxHi51PWflVhywrj-R2v3yUGQXcmUNEjlfgtPDMuHyFJIFmca9LJSoqjILl6Z9DGJn43Aaze-MqoLuEhEwADuydLP2hrnVEq6bFqN4TYe4TP7wQI9VfmXBBDnCHSirGlEV2o7m7-odFmSCzQR2uRYdEO4cyGboD5-TACD4kG2DTsTYxwCshDvrFcJawoWhpenQCcdHuoN8PbLp0C2kkLF7TVKI8OcBVv-P7UKauDYkWfnJFlmtwgN92I7Y-oUBZ2833XDBr8ovqWWWEH3cW7ADY%26adurl%3D&documentReferer=https%3A%2F%2Fwww.rafyon.net%2F&ancestorOrigins=https%3A%2F%2Fwww.rafyon.net&random=8238664272311&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 99bcb1c88785781418083b5ec2ef0f49dc98e6b5230cbfe0215c8945a58cd948

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 12 Nov 2023 21:27:54 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 98622600140485304445414012506002
Connection: close
Content-Length: 894
Expires: Sun, 12 Nov 2023 21:27:54 +0100

Redirect headers

Pragma: no-cache
Date: Sun, 12 Nov 2023 21:27:54 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=6zpgftvkkw73&nw=20&renderingType=javascript&namespace=195daedd10&subid=&uid=2f706b74a75e9350&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCXbCOWUNRZdOxMZDggAeLraqQC8z5hqBp273H__cP8C4QASCqgMMiYJEEyAEJqQLSS1n3nu2xPqgDAcgDmwSqBJcCT9C5Legf9Pc61IQGZJ3sA8wnGJZxXgl25UUjWJvnxi8MhHNHMCfoDZWmMS5Cbs9VhynWoh4_4pwsvwBEPo8UJyYMTarg-KhmAU0mONT9HHYA1YA2I_Y6_8ppMdc88MZgZNugd4uBNoL__Lk4vqjwGT5RQUUi2cQT6-M5ZhCLZ6b_iMpFSH2-gYNEYWQp3GzxMLD26mLAyKKx8cio_O27zlBrKP2sk_BnInyELUIavPFFKzg52I1YMbX7umYxi3n-4rv8cQtK-OW0X0UHo_78sd88mVAda--2nImbqVE_WDof7XqD9aUcwN6Chv-UBbQZ0dKgMNcAyMFJt-OKcsaY66enIBlUNGU8U9hIDdAhnnGVYZQEzgCxwATq68yj5APgBAOIBZWv4f09kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03OTI1NjgyOTQwMjU4MDI0gAoDmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CTkziDRMIhPi0z7O_ggMVEDDgCh2LlgqysBPgm80O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ%26sig%3DAOD64_0ai5lDpZFATVbDZzpHz4D5Vk5o1Q%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-CCmgLU0y8G6gz7MXKoHP7TSHVsTBT0RTK7Z_CQNLx_tw6ylJRU82X0tzkB0r_2gqsQ109k20Mt-ReIawepPkIJYdeEvM1u0-2q9CQG7LgSaUm_rao73_V8F903qCKO8h2qWkKdHauPce1Q4FHzdz7XZIxc8zRTIZLbaz5j7ZM2-DGIB4g%26cry%3D1%26dbm_d%3DAKAmf-CawW9QCeL-PhUNMgVAw3A-8MyzvNLHFZhuL8ntaM7UZFtsB9oy6aAK0K0t1Cf1B_DwpJ8eavlCF2CTZsfB3M-sbItdP4oIJ7L2_uGDIGIus_98Ob4rIgz4s4a4Jvgqi-0GC700Txumw9PNgEHM8U-8U5WVPKyWn-EpzIRKgblNNjpq85cxemfYFJv08PTePaV0-gV-fPlKDRBZi9YbUqFce3780gcWRXWnqF709zCDv7M6CKY6ehFwScxddbfc26cMS423yS1ON69_T_YoewIdoTLg7MBKIm-bmUgewa_kcyKoKS01lZ9LcUM9k0GunVObbOZCGQmSWAWTdQ0CHMGg4eTDYz28cPA4dSGhT0d1zmZ4x60XgyvulHK55VOb0GfF3ADwK1oigQW5Vw7z-3dSUHWdAxHi51PWflVhywrj-R2v3yUGQXcmUNEjlfgtPDMuHyFJIFmca9LJSoqjILl6Z9DGJn43Aaze-MqoLuEhEwADuydLP2hrnVEq6bFqN4TYe4TP7wQI9VfmXBBDnCHSirGlEV2o7m7-odFmSCzQR2uRYdEO4cyGboD5-TACD4kG2DTsTYxwCshDvrFcJawoWhpenQCcdHuoN8PbLp0C2kkLF7TVKI8OcBVv-P7UKauDYkWfnJFlmtwgN92I7Y-oUBZ2833XDBr8ovqWWWEH3cW7ADY%26adurl%3D&documentReferer=https%3A%2F%2Fwww.rafyon.net%2F&ancestorOrigins=https%3A%2F%2Fwww.rafyon.net&random=8238664272311&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Sun, 12 Nov 2023 21:27:54 +0100

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14482064635620417758/ Frame BA09 13 KB
4 KB 61ms
20ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8de3a8714784213ac60c3bfa981c4c7ac0d18d07366888302660a0a3918c2249

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 520930
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4015
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 20:45:44 GMT
expires: Tue, 05 Nov 2024 20:45:44 GMT
last-modified: Wed, 29 Mar 2023 10:16:28 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 73ED 0
0 139ms
64ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss4GnkbCoVZO25r6aXe2c6fwJk8hjDcWxl7XWKIAxEGrQivnwH3VCcvkaGgcaETvBteBw8DhUf_tr2-T0WYhshhDOztygfD8wYoNFHhIUpM4gph7waHvR2gJadcnf1GmXbetlDluKbrNGHYTVGgl3eBosyBgyQMYQv-KAjeU_2RARG2fQYlTWWTnOAkWSoaImx7hPwERlP8eUPWznSDlR-eav61owq-Tt2ZSUE72bPxV1tobUtC34MlV4K_O4GWiGs_FQfMtM03irIkyLD7eMW2ZALQCmfpnc3FUiipcHgSI78yT55t-Qdnfjsa1y8YyrhezhHd6hvecz_ITc-D6VXvLGHRh9qgfWqK25xAXcjqZ74HWuL9tslTvPVV0438vI42O0m9sHkM7Dw5bvRYXK6Uqo_-aPewPrnayAMLpN91cl5sGNSglEIesvh5thEN9HB983ArcMg_IONSwFzKX7k0MWzM2sy1jbLo_Vc_42ntDnLGBB75bvlyriiydSxxBpDOn96FoxigwRYGH4ct2p8RCz6_pmfXTT8V0y_m7YlgrPHj47fFFhNXTdGFA0lwNJzEtCl3qjLMJZFG2-sag-1ObEs8mWZMr-hv9rMnkzuCEzIkawJ0DUO0va_U-4HGjuBVTwHGNDaRpWdgMcciNWOd9XCXnAf8bFtOp88w9JZJKEaGx2rMqAoO3jiMeJDuIwxi18RMD7lIjs4nkV9-S5uEpWv20k2ViejVglmojeHEDreMdY2rekpp3j29mG47t4n63lN3OfxjGwW_ePpttrOg8eOX9am0Q2MAqpugQYW7hWd2jl3W3yJB0AW16ub5959z6IhEZkg3gDl6SgB4nuDqwMGW0qvHIMMOiY10A1MfK1DLmwbN1xmqqO4AMpjf3FDmNpDG6QDT3VCEOXGdvIH1b32jhlJbBtg9Htjiqo5iFqcBQaVyVBh7oa0Hki5jKQxA0lf11Yi1qIE7CNyGTcwqIjoofgb_YrA78xcLKdhe6ky9Gun3RSw8rujOlWVf6n6m0kgoiyazvzGSEgpndvDYP5NjhzXU85-t9fIMsyyq9KDvva6Ixh_Jpujp27qpSmV8N_lg1iCN6v3-UJXqRRhm_j1e8ESB0hfebFJCdWdMtuyT55eDI1pOdddaIA63goBTwZc0EFxbRsvWzsnMY9iHAbgL0PPNFgkyDe3KLnpdZnb7TwGBrshWYlJU0xIwz6NYHNjlQfvcwmQMfIw_xPtjyXww9FV7yeXS-VFNZpQeQluE4VQclxwflM1Bdr82j5ki7Nr3FF3GuhZWIIIXVGqww-oSK65a35l8eLxC7MYa4f01Ire0_06xnIGY_CrtwGODomHHrJY0WCHxJtE5YkgGZP82cuaAmCmqomulsO7bhb-AtJddpGse5C0-iQT-LiidUDY318Yo9QwN1bSIqWpjOUSQjU-E8gbk0598imsyt05g5Rlaaj6Kq2mfhcctimM&sai=AMfl-YRtHcYIq-I2CCeEOicnBqRU6pIIqW2bU7HE-EGs4BL0uFrE7TciPkWfkOTtxyPNnrqgIZESLC6l93hk3ibGp4g-_0TyjggiD8PHxJHxQkSY2YPJSlzSITaiy-FIp-qiXs2nvxP-c4enPocOfDmTyZAEdv1i3rCXc2JMWHPRkhMer7hmQKwzMo_4CERzVr39svb-XywM7pMEKjOh5pXVMVcQ6Bzj1nd7bGiWJXPPmz1IHBpSp7rFDklxp1XEmg6YzlGbJ71ba5ttXUvlxyHIcUCxNA9aH9gkFIBkbwPhdBS0we5iyReuMKXl9HtxJL8Wuffk4TNK389RXV_d2OHzaijbvjQXjsBYLz91oVKX-Wdrp36Nq2QZ6BQkW-sqY3SA2E8tBJam4MmUOn7Q68o1ya9VnXUqqoBxvjR_RwsxQh-k9KOh0cZm6dw1qwlmzvkizAzZ9q7-I305mX6pvRQmmRN1XU6P9mDK9XSSX_CVLbApZEwiM3A02ks&sig=Cg0ArKJSzHQ8EEtNVRCfEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=136&cbvp=1&cstd=132&cisv=r20231108.45275&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 6ccb0c67f755856429b1364873bf0832.js Show response
s0.2mdn.net/sadbundle/14482064635620417758/ Frame BA09 88 KB
25 KB 21ms
21ms Script
application/x-javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14482064635620417758/6ccb0c67f755856429b1364873bf0832.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51881959e618fd23b6bec2ea2790a023e4befbe3f5e4bf738dc41714638053a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:45:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 520930
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25634
x-xss-protection: 0
last-modified: Wed, 29 Mar 2023 10:16:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Nov 2024 20:45:44 GMT

GET
H3 200 7454522b480bc265d53f659442deec5e.svg
s0.2mdn.net/sadbundle/14482064635620417758/media/ Frame BA09 12 KB
4 KB 24ms
23ms Image
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14482064635620417758/media/7454522b480bc265d53f659442deec5e.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10227d4b6da0ccc2a8944e7acb8db3349164ba2475bbcfaa5a58955daba997ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:45:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 520929
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3715
x-xss-protection: 0
last-modified: Wed, 29 Mar 2023 10:16:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Nov 2024 20:45:45 GMT

GET
H3 200 a2ceed1ce1c3ba0c08979b43a9c4495d.jpg
s0.2mdn.net/sadbundle/14482064635620417758/media/ Frame BA09 34 KB
34 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14482064635620417758/media/a2ceed1ce1c3ba0c08979b43a9c4495d.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d376b8f5155cce923f1d9eb3e08974def3f0e51f10df79bd02d35a8275f9c6a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 07:16:54 GMT
x-content-type-options: nosniff
age: 310260
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35157
x-xss-protection: 0
last-modified: Wed, 29 Mar 2023 10:16:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Nov 2024 07:16:54 GMT

GET
H3 200 8452a4b193d49e7487f9a1155eb60836.svg
s0.2mdn.net/sadbundle/14482064635620417758/media/ Frame BA09 11 KB
2 KB 23ms
22ms Image
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14482064635620417758/media/8452a4b193d49e7487f9a1155eb60836.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b3cf9d2fd5fde29aa02875cc3f7a61f899567762830b834c3ada948b4622ab3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 10:18:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 212983
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2073
x-xss-protection: 0
last-modified: Wed, 29 Mar 2023 10:16:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Nov 2024 10:18:11 GMT

GET
H3 200 a357aec2208f2fe33d57546da193683c.svg
s0.2mdn.net/sadbundle/14482064635620417758/media/ Frame BA09 3 KB
1 KB 21ms
21ms Image
image/svg+xml 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14482064635620417758/media/a357aec2208f2fe33d57546da193683c.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be4a85e01f0b87c03fea7148e9567ea1728b4459422933e459ce0b95799c0570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14482064635620417758/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 07:08:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 224377
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1358
x-xss-protection: 0
last-modified: Wed, 29 Mar 2023 10:16:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Nov 2024 07:08:17 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84C4 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B923bWkNRZZnDFJzHjuwPpdaT8AYAAAAAOAHgBAI&bg=!ubqluvXNAAZxrfrxUa07ADQBe5WfOP9gnuGR_pkOsi2uhEAW9p9vEyjPr1dewvUAugB7vOvec2CSjIe1DUC2yt4KwAR_AgAAAH9SAAAAB2gBB5kDBVBz1nvs5rD83HykPHa5sAey2H249fZtVEzq6JDw-FzRs1H2jK9G45Z2agoh3-e7qoiw1VGbgH7s3xigvwIELnmrDXtZu3uqS4JQzeo4LY5S73b9SEtW9WMF8iKfQD2tYRX2ChSGpweSRjv-7hFw9uajMR_vc4FLbMan70Gq0QGz8faIwBzVGFmxIHcvOQaJv260BwunkEyVodnAIQp4xu0s10rUNEZ3-6nNgr-lm6QGZSFpTq-8MmcDHubISi4uDmTEcBp09a2qtpvtHxpBRhoPmgsVL9bLT1d-eeWukzfZ5h2StnW_23_EwZ6mrmoUiN31f7sCKj0aoLr1cUCcbljKmVSBuBRqEEj77ROx63u7EtEN4HCIaBYv1TN80JTWCbd1lB1ztEpT7jNwUW1s1QmxebhAQCfK5h91_m6ffn16d5kTztZfdWV7aqYuThST7ZjvAnO-4-MKFuDp0XGwdMmzytraxbxDIgViHnjWftP2iHtNMvYYcb_EWg_ZsR4i7V3zd0gFgpN1zeIcCc56Piqr-CfypMX2LqxGID-KzIrSbQU5rrLGnLXZpHE97bVAtKCM8Ez-lP-io6D-XOR5H64cosllcmMTacf-2hKWFRq0vIQ69LioPJGuCuKgDpI342_El54dy-KY3pN4Yc3LZk17NgPXdRH-h9W9bh9b7DGeOQEixCNfZkpLyjbaIwcPhHm6vaDB_kipWXyTT3LalcY26zs9_ozTg4NqRQbWs9DMrRcp951IBluauLRqQTxn5ogGvTHjVSYnQlqRYZ-x0KhC-Xm_8rv94LAuI4UDEHtAfGqnI7EgRSRPlnixeCYkyVN4DCzcUq6p2-DYWfFWc3_ckX2uXUspzn29LAIGmeOf7YZhZOuewHcHyqDlrz62xiM8j3CQy3IZZzG5Ou92MQV52o2dKM65xRkK73UI9idhWyE9YOUf92YcKD777ZqpTpJw6jPjhxnCM6EtWzJPaL2IBXbjjOGM0fOhvRkZl1UJF7ay1MKKo4WsXpF-zUFiw9ij-xFp

Requested by

Host: 2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
URL: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 73ED 0
0 57ms
56ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss4GnkbCoVZO25r6aXe2c6fwJk8hjDcWxl7XWKIAxEGrQivnwH3VCcvkaGgcaETvBteBw8DhUf_tr2-T0WYhshhDOztygfD8wYoNFHhIUpM4gph7waHvR2gJadcnf1GmXbetlDluKbrNGHYTVGgl3eBosyBgyQMYQv-KAjeU_2RARG2fQYlTWWTnOAkWSoaImx7hPwERlP8eUPWznSDlR-eav61owq-Tt2ZSUE72bPxV1tobUtC34MlV4K_O4GWiGs_FQfMtM03irIkyLD7eMW2ZALQCmfpnc3FUiipcHgSI78yT55t-Qdnfjsa1y8YyrhezhHd6hvecz_ITc-D6VXvLGHRh9qgfWqK25xAXcjqZ74HWuL9tslTvPVV0438vI42O0m9sHkM7Dw5bvRYXK6Uqo_-aPewPrnayAMLpN91cl5sGNSglEIesvh5thEN9HB983ArcMg_IONSwFzKX7k0MWzM2sy1jbLo_Vc_42ntDnLGBB75bvlyriiydSxxBpDOn96FoxigwRYGH4ct2p8RCz6_pmfXTT8V0y_m7YlgrPHj47fFFhNXTdGFA0lwNJzEtCl3qjLMJZFG2-sag-1ObEs8mWZMr-hv9rMnkzuCEzIkawJ0DUO0va_U-4HGjuBVTwHGNDaRpWdgMcciNWOd9XCXnAf8bFtOp88w9JZJKEaGx2rMqAoO3jiMeJDuIwxi18RMD7lIjs4nkV9-S5uEpWv20k2ViejVglmojeHEDreMdY2rekpp3j29mG47t4n63lN3OfxjGwW_ePpttrOg8eOX9am0Q2MAqpugQYW7hWd2jl3W3yJB0AW16ub5959z6IhEZkg3gDl6SgB4nuDqwMGW0qvHIMMOiY10A1MfK1DLmwbN1xmqqO4AMpjf3FDmNpDG6QDT3VCEOXGdvIH1b32jhlJbBtg9Htjiqo5iFqcBQaVyVBh7oa0Hki5jKQxA0lf11Yi1qIE7CNyGTcwqIjoofgb_YrA78xcLKdhe6ky9Gun3RSw8rujOlWVf6n6m0kgoiyazvzGSEgpndvDYP5NjhzXU85-t9fIMsyyq9KDvva6Ixh_Jpujp27qpSmV8N_lg1iCN6v3-UJXqRRhm_j1e8ESB0hfebFJCdWdMtuyT55eDI1pOdddaIA63goBTwZc0EFxbRsvWzsnMY9iHAbgL0PPNFgkyDe3KLnpdZnb7TwGBrshWYlJU0xIwz6NYHNjlQfvcwmQMfIw_xPtjyXww9FV7yeXS-VFNZpQeQluE4VQclxwflM1Bdr82j5ki7Nr3FF3GuhZWIIIXVGqww-oSK65a35l8eLxC7MYa4f01Ire0_06xnIGY_CrtwGODomHHrJY0WCHxJtE5YkgGZP82cuaAmCmqomulsO7bhb-AtJddpGse5C0-iQT-LiidUDY318Yo9QwN1bSIqWpjOUSQjU-E8gbk0598imsyt05g5Rlaaj6Kq2mfhcctimM&sai=AMfl-YRtHcYIq-I2CCeEOicnBqRU6pIIqW2bU7HE-EGs4BL0uFrE7TciPkWfkOTtxyPNnrqgIZESLC6l93hk3ibGp4g-_0TyjggiD8PHxJHxQkSY2YPJSlzSITaiy-FIp-qiXs2nvxP-c4enPocOfDmTyZAEdv1i3rCXc2JMWHPRkhMer7hmQKwzMo_4CERzVr39svb-XywM7pMEKjOh5pXVMVcQ6Bzj1nd7bGiWJXPPmz1IHBpSp7rFDklxp1XEmg6YzlGbJ71ba5ttXUvlxyHIcUCxNA9aH9gkFIBkbwPhdBS0we5iyReuMKXl9HtxJL8Wuffk4TNK389RXV_d2OHzaijbvjQXjsBYLz91oVKX-Wdrp36Nq2QZ6BQkW-sqY3SA2E8tBJam4MmUOn7Q68o1ya9VnXUqqoBxvjR_RwsxQh-k9KOh0cZm6dw1qwlmzvkizAzZ9q7-I305mX6pvRQmmRN1XU6P9mDK9XSSX_CVLbApZEwiM3A02ks&sig=Cg0ArKJSzHQ8EEtNVRCfEAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=309&vt=11&dtpt=173&dett=3&cstd=132&cisv=r20231108.45275&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 41EC 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BDevtWkNRZetC2ZGBB4OUnPgIAAAAADgB4AQC&bg=!Y2ClYC_NAAZxrfrxUa07ADQBe5WfODlIoqoZ9i1MAHmiMrbNlKmuUGC47p5Pcm7AI8TK22rRkVDdGCU95aQbl3vYg9HVAgAAALtSAAAABGgBBwoAgC-R5ozd2T_T1JVsmfXPUjNPNJXWWmouUb1HFGg2tsPgnTd6_kltu4fgVmNt-mAI_J-HnLlnV6JKibBgtAHqcjc3RHB3tXkvdjM9IVtWjkSQOkSLZzb9ZlEuC_lAIcYsy1MRTtlmaDd5Xi9nuZ4P6mzA2rgFTaWAyf1AnBM9VWA8mQMDJuyWR9ZFcEwotUt5S6KtwNkYGjjtQDwlr4Y2wc-2Nw0Sq2egivFtHYQtMLf7wyOUBrrvTWQ7F6iX_Usl_lRqjDcza0SEwDI3TaN__HlNcEYB_flYy-ogsbEeTaCxDyXT-TaBHVPDbM8dhihFBYbaCu8wgEJ21FaS9SzXqaX_J9SGSf7hRos7sthxAlv4g4ozsLwBPQjn8gYb0wwRK-nIKwDMFGPKfkqcxL9JhAiRRnOQk9RHrAiOj8hEPFUmBArlELMVrGimdrZCHIsxZwlxr63TCFqrLqZ1jQ01PSpZB4hwPazhUutof95myQMw320TD_-pbD0W_sXvi7YLQHAbXAE5osNGcpi67_9ANbZ_klG7HIYBAa8Me15OExdptQQKUxl0Jgngv3Zcad-0vzQF-o2WEjaBEXqvNd1m7tPdJoYyWkgJjWO2Y18lzBPWY0x7qTsLW8ul2-ue54pOLYTTBPgqNnKmXafvxFKL-SwTeob35ehttTk_DJRAILi4whMi0CfvJKjRCRwbgUgVQR3hEj1VIp6LfL0EBPy5Qvb59lAj7NwXBUvYEBeQBoEInZJgqLBo6tQxJBnkCqHGB-uMdoTepuTlxs7cDVcJuGqG1o1z4s_5sri9df601GlsGcyp-Ogtn9MxExk6tjr9trHaZrgNzE3AstXFTSTZXJ91PJP4ZUXR65loxl5Pxsyy-FRNIs_cNQR3FA7FNt0MVnLV2T0_ORRlxom9z8J1y_3Uz9V40eZ0JpnLHEipLXecU5AokqXJuuEUyjYsiyXmayY7K-MIyOmHvg-vSdjUOX1urTSTESH7KViTm1-YCZKrsj7vRidZlM9_RgwIaSPhrsVot4oZ5TxnigrYCG8UpfIp37ToBxD3_WWjHggk4jg-qYhuw6tq6YmS1t0Zsgf8xG682rC9oq_M5gcM9-nxil8FoClwQN7cqc_ReYuhmXKf6F9ngTDZmd82okr1UTAv1x3W3HfIbYn_uZ0FoT4AwuSVlaCyPIKmbcWQ7VHp8V6Ov-WwFLXt

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

activityi;dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52 Show response
8019191.fls.doubleclick.net/ Frame 8D30
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52?

390 B
326 B

63ms
62ms

Document
text/html

142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52?

Requested by

Host: www.rafyon.net
URL: https://www.rafyon.net/read702/78.html?hash=YW5hZmFzdCA9PiBodHRwczovL2FuYWZhc3QuY2MvZW1iZWQtbTc0Y2RjaDRsNXd0Lmh0bWw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

bba9d42a99e14dd0a941da96c2b45893cc24ae3fbfb000c8aeb0eaa1ab028169

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:54 GMT
expires: Sun, 12 Nov 2023 21:27:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:54 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90002.redintelligence.net/ Frame 725B 4 KB
2 KB 69ms
24ms Document
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/request_content.php?s=98622600140485304445414012506002&a=013dcc30
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request.php?zone=6zpgftvkkw73&nw=20&renderingType=javascript&namespace=195daedd10&subid=&uid=2f706b74a75e9350&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=320x100&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCXbCOWUNRZdOxMZDggAeLraqQC8z5hqBp273H__cP8C4QASCqgMMiYJEEyAEJqQLSS1n3nu2xPqgDAcgDmwSqBJcCT9C5Legf9Pc61IQGZJ3sA8wnGJZxXgl25UUjWJvnxi8MhHNHMCfoDZWmMS5Cbs9VhynWoh4_4pwsvwBEPo8UJyYMTarg-KhmAU0mONT9HHYA1YA2I_Y6_8ppMdc88MZgZNugd4uBNoL__Lk4vqjwGT5RQUUi2cQT6-M5ZhCLZ6b_iMpFSH2-gYNEYWQp3GzxMLD26mLAyKKx8cio_O27zlBrKP2sk_BnInyELUIavPFFKzg52I1YMbX7umYxi3n-4rv8cQtK-OW0X0UHo_78sd88mVAda--2nImbqVE_WDof7XqD9aUcwN6Chv-UBbQZ0dKgMNcAyMFJt-OKcsaY66enIBlUNGU8U9hIDdAhnnGVYZQEzgCxwATq68yj5APgBAOIBZWv4f09kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE68ggbYWR4LXN1YnN5bi03OTI1NjgyOTQwMjU4MDI0gAoDmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CTkziDRMIhPi0z7O_ggMVEDDgCh2LlgqysBPgm80O0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNENE_Ntcswk8b7TKoP6OFc8RbDqrRiLNSDnu3WsiloU6fSsrYG11kpMQnupvQnc_KG7tcId8BE7gEDSkNWMh5goOB1p-YBtavUlYYAQ%26sig%3DAOD64_0ai5lDpZFATVbDZzpHz4D5Vk5o1Q%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-CCmgLU0y8G6gz7MXKoHP7TSHVsTBT0RTK7Z_CQNLx_tw6ylJRU82X0tzkB0r_2gqsQ109k20Mt-ReIawepPkIJYdeEvM1u0-2q9CQG7LgSaUm_rao73_V8F903qCKO8h2qWkKdHauPce1Q4FHzdz7XZIxc8zRTIZLbaz5j7ZM2-DGIB4g%26cry%3D1%26dbm_d%3DAKAmf-CawW9QCeL-PhUNMgVAw3A-8MyzvNLHFZhuL8ntaM7UZFtsB9oy6aAK0K0t1Cf1B_DwpJ8eavlCF2CTZsfB3M-sbItdP4oIJ7L2_uGDIGIus_98Ob4rIgz4s4a4Jvgqi-0GC700Txumw9PNgEHM8U-8U5WVPKyWn-EpzIRKgblNNjpq85cxemfYFJv08PTePaV0-gV-fPlKDRBZi9YbUqFce3780gcWRXWnqF709zCDv7M6CKY6ehFwScxddbfc26cMS423yS1ON69_T_YoewIdoTLg7MBKIm-bmUgewa_kcyKoKS01lZ9LcUM9k0GunVObbOZCGQmSWAWTdQ0CHMGg4eTDYz28cPA4dSGhT0d1zmZ4x60XgyvulHK55VOb0GfF3ADwK1oigQW5Vw7z-3dSUHWdAxHi51PWflVhywrj-R2v3yUGQXcmUNEjlfgtPDMuHyFJIFmca9LJSoqjILl6Z9DGJn43Aaze-MqoLuEhEwADuydLP2hrnVEq6bFqN4TYe4TP7wQI9VfmXBBDnCHSirGlEV2o7m7-odFmSCzQR2uRYdEO4cyGboD5-TACD4kG2DTsTYxwCshDvrFcJawoWhpenQCcdHuoN8PbLp0C2kkLF7TVKI8OcBVv-P7UKauDYkWfnJFlmtwgN92I7Y-oUBZ2833XDBr8ovqWWWEH3cW7ADY%26adurl%3D&documentReferer=https%3A%2F%2Fwww.rafyon.net%2F&ancestorOrigins=https%3A%2F%2Fwww.rafyon.net&random=8238664272311&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: c656596b59b73b691d3d52745224e18e2f692fd34b9fa97d7170467001f584f8

Request headers

Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1498
Content-Type: text/html; charset=utf-8
Date: Sun, 12 Nov 2023 21:27:54 GMT
Expires: Sun, 12 Nov 2023 21:27:54 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame E7E8 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f97551cd42fb0f44e1cf044aeb604a6fbe24d0b3eed6acc81721649167097cd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK S-320x100.gif
cdn.contentspread.net/24i/content/soberfb/EN/ Frame 725B 18 KB
18 KB 145ms
42ms Image
image/gif 54.36.108.3
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/content/soberfb/EN/S-320x100.gif
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=98622600140485304445414012506002&a=013dcc30
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.36.108.3 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3112796.ip-54-36-108.eu
Software: nginx /
Resource Hash: c933b803d23dd223840fcc4e13acde710b267913775e9d49f64a88d3d26f45ff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://hal90002.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sun, 12 Nov 2023 21:27:54 GMT
Last-Modified: Mon, 23 Jul 2018 15:20:14 GMT
Server: nginx
ETag: "5b55f22e-46a6"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 18086

GET
H/1.1 200
OK viewability Show response
hal90002.redintelligence.net/ Frame 725B 0
150 B 72ms
25ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90002.redintelligence.net/viewability?s=98622600140485304445414012506002&a=49a5524c&vb=m
Requested by: Host: hal90002.redintelligence.net
URL: https://hal90002.redintelligence.net/request_content.php?s=98622600140485304445414012506002&a=013dcc30
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://hal90002.redintelligence.net/request_content.php?s=98622600140485304445414012506002&a=013dcc30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Sun, 12 Nov 2023 21:27:54 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 725B 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52
adservice.google.com/ddm/fls/z/ Frame 8D30 42 B
401 B 127ms
57ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CNKEhdCzv4IDFTUXogMdK1QBJg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7338609189303.52?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 109ms
68ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311020101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da98cd654dbc6d46ffa1de5d5005b3f842e2341ace1bea3bab72efa6cb92344c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12097
x-xss-protection: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5761 42 B
64 B 56ms
56ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEp7_JrNIvaAaeoiSw3hHURc8to_CojhoJC9kIzfVqttVRjrAJHh1MIW456zkM6Ld2v0ntqrejRZmuwPH3YwUUnuhtdYy2rLXswfjUiNzUsmd7Ksc7p8GuqdraST2U10LL8V4HkNArqMtL&sai=AMfl-YSheLG7Lug_PAYTWGXCBJaqlWpoDfbEBA0sUdJ4bHOrVTDA3zp-MfWPq0hJmEq_Y7CZ7S8lh03oqkRecYfv4gHIM3F1FO9BTc25y5ANI5AY89JiFssyhjpPvCxCmB9TTAO0L38WN7sF3pmuy67DTA&sig=Cg0ArKJSzO2_es5G3Nr6EAE&cid=CAQSTwDICaaNNK_NdCoKSccf7r6fiAylsJ2T_fKcDZDSgy3TsCrCp-vHRcDU-op4m5Jv-C7at-5mTvYafVdUG11md52EVeu38zkKWrCHvmEHdSgYAQ&id=ampim&o=653,556&d=640,300&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=253&tls=1254&g=100&h=100&tt=1254&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311020101/pubads_impl.js?cb=31079510

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 12 Nov 2023 21:27:55 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1F97 13 KB
5 KB 21ms
19ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 13864
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 17:36:51 GMT
expires: Mon, 11 Nov 2024 17:36:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9587 829 B
997 B 30ms
30ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cd736856f82fb1671d1efa96c6b1272aa38b89bd767d8e67c78e30e8029e940a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Q3ZInrXlUfTAX8uFfuNPWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.rafyon.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-Q3ZInrXlUfTAX8uFfuNPWQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 21:27:55 GMT
expires: Sun, 12 Nov 2023 21:27:55 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 1F97 39 KB
15 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 13:20:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29255
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 11 Nov 2024 13:20:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9587 0
0 54ms
53ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311020101&jk=4283869649411140&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1F97 0
10 B 19ms
18ms Image
text/plain 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?mjk_CA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 21:27:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 73ED 42 B
64 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstFdprVz1_PSH0PKYVBDrMcpFRvtUg1z91ovL8quxht5mm2aBaWtbrNMXBI1jhKQqJNB-k91Zu55Zk9buVlc2lS_TRqW6kqTwJj0_9xaHkV-fcRwytvfnwfPX7yvJUYEgVjwHbUtoHLkMtx&sai=AMfl-YT9m-_wOgnldeyHuXaEf3w6tvh7K7ak2NhkkOInVOB20IqbxWhwjndqyECYPscXCKt3d6-fdNp9_aZlVUYg6gmvyjSyMw3qeWBWUI4kP_uAEeOkzPS-wsY3Ax28OOLxImiO-hEIApfohky1mADp&sig=Cg0ArKJSzGvbuc2VJHZnEAE&cid=CAQSTgDICaaN6JCkmTQuFcO95RAtppI5CJ2ptjElQNhb4Wao2Y7aQEKc4w7Gr1nGPeBE0gtie5wrTbJJXhOEbTzOTsxWJ-MjLooX8MIabQqJIBgB&id=lidar2&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231109&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2707343403&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699824474344&rpt=238&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
57ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311020101&jk=4283869649411140&bg=!x8SlxIvNAAZxrfrxUa07ADQBe5WfOCm-K4ZhesGvbvFkzwxuL3XSOU4poM_jVwSOigD_kChU3wEFixZJJHtuMrvlPUrKAgAAAD1SAAAABGgBB5kCsr74sEZxgxcwJvZ8O2IUom8d3hQY-9DNmRb65O7U_1UOtCr2zHfTVodbrG9m8NbyJuyD3lB51YtiEmQ79imAMpd0AHe8nHKk1qzwvb-icYCnJ7KmnoCxUlom-oA2SAAsCeSIlkwRVzSlupZ2yB-VnyhkSa_20wrdV46YYZtN9mR-BbJxjkuGsEvrYkn_pMas8TPe1_UnZi2a1Q7LARNkADWKefNeD44Hd-l0XtRJ_9xXlbw3DfAmvcSyK9Zk8hMh5zUGRAGwbSZb2bArUZtqAt6w6QSuuZvrVNzdgMtsfDB0tGdEG4ajQn-UauN1VJ-JtNnAFD96T2g3pwaI1Nc-Lm6OS2JEy4pyEHLv4UL1JYFGEuuAhKdiD9n8VLU5wI1tnGzQja3pLJvTirJ4bxgUqVUgnSMolEF_vppgegjOaiCuK8X7pkYNPVWND-ldCyZUepxcPFEy0EqW4n0f-NaLhHIurU5T38CRNvj9yuuEpkc4nobPUbOhOiga1yY-tC2BCv_rA7frLCTkQlmbqiMMg5DTDerfFmiSqb8IusLAEGezSVroe1BPdkH-TEZVWsquvtwh3KwBcxi4c9uxxaJnm8_rpIj5PfdodyAlnvhr_e_4U6z-_oVIJslHopEg42orkJ53RblWUyC0uDrPhHEfdmPNU48cdvdp0micfSuJhogY6iS8sswZIfv67iCpsGNJEY3vgJygDKDod_ueMn1T9HfxCMCCBY64FPwI-d5ywDfm-61OmyZTq7UDkuuLd1zoNTeW2BfzkM9XMsoHRArpWZzAdreEIFdQeoYw2uqMpnaQfKuhMjHZ3RXZ8IBhohObvBUvhmarTowJaKSEe1tXj3l_Jff5TJWb5OS-OEocamagYenH5Cz-I5cGrcePDFJE5dShwssAhmvjjq-qjniASd7nvw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.rafyon.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7E8 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3598709792040&version=m202309260101&ct=77&x=1&cor=18374028683195890000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 12 Nov 2023 21:27:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

156 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.rafyon.net/	1970-01-20 16:20:29	Name: __oagr Value: true
.rafyon.net/	1970-01-20 16:10:24	Name: lotame_domain_check Value: rafyon.net
.criteo.com/	1970-01-21 01:32:00	Name: uid Value: 799361a8-3e39-40fc-8f1d-671b7abc6944
.rafyon.net/	1970-01-21 01:32:00	Name: cto_bundle Value: cveSpF82REdSbkpNZGFlUHY4VDFrUHZTWm5WWWxNZjZiZmNVQXlhS1lFckRVa2J4YUpFbnVmazFEZ2pCWVM5V3RBUnZWa3RtWk9UcjJOS2k5NU5aWjNRN3pIMEN3cFNWdmNuWlZFT2lweDdIcWN5RGNpeiUyQmJzWmJYaW9WSnFVVEw4VU03SnB3cjI5WlhRUnpiRjYzOVVVenN1QSUzRCUzRA
.openx.net/	1970-01-21 00:56:00	Name: i Value: b8568034-c913-4bfa-94e9-0d9ab7ce0e94\|1699824473
.doubleclick.net/	1970-01-20 16:10:28	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-21 01:32:00	Name: IDE Value: AHWqTUnNqKaNv3-1yXRAhE3srqnir0CTpHPgd7F_nFL-gxpmn9ZoYcKNss7xHpl3
.adnxs.com/	1970-01-20 18:20:00	Name: uuid2 Value: 6280905386766241372
.casalemedia.com/	1970-01-21 00:56:00	Name: CMID Value: ZVFDWnYHXypzGT.X5u4WZwAA
.casalemedia.com/	1970-01-20 18:20:00	Name: CMPS Value: 2170
.casalemedia.com/	1970-01-20 18:20:00	Name: CMPRO Value: 2170
.rafyon.net/	1970-01-21 01:32:00	Name: __gads Value: ID=74635d7c1b2fd3e5:T=1699824473:RT=1699824473:S=ALNI_MYqVOLxqujI6_CLISY5mljXO35WhA
.rafyon.net/	1970-01-21 01:32:00	Name: __gpi Value: UID=00000cc13c488101:T=1699824473:RT=1699824473:S=ALNI_MbGOCSpwVHgTZh-FZv6Dq0ZW8vWNw
.doubleclick.net/	1970-01-20 20:29:36	Name: APC Value: AfxxVi40szpODsrQZnwriZ5x_bilEQLwHFy6zTPZwFb7ftcDFhiP4w
.adnxs.com/	1970-01-20 18:20:00	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GUba-KR+!1yIE`fS1ueD1W-044)d+]NEQ)L'k+HMQmppJ:`yE9I.%A8`d0/(oYQpYNMxP(hw9P-HC_#tsu7)eN*7
.doubleclick.net/	1970-01-20 16:53:36	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 18:20:00	Name: 8lcfmzhxc8d6_uid Value: e2a93abea67660bb

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2cdda8b1fdfea5b23ba3813658205386.safeframe.googlesyndication.com
8019191.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
bcp.crwdcntrl.net
cdn.ampproject.org
cdn.contentspread.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.optad360.net
cdn.prod.uidapi.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cmp.optad360.io
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
get.optad360.io
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hal9000.redintelligence.net
hal90002.redintelligence.net
ib.adnxs.com
id5-sync.com
invstatic101.creativecdn.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.criteo.net
tags.crwdcntrl.net
tpc.googlesyndication.com
www.fontstatic.com
www.google.com
www.googletagservices.com
www.rafyon.net
www.salaty.net
104.18.36.155
116.202.48.214
142.250.184.194
142.250.185.130
142.250.186.70
162.19.138.119
172.217.16.134
185.89.210.46
2600:9000:206f:a200:f:a31d:75c0:93a1
2600:9000:2156:a200:6:b871:4f00:93a1
2600:9000:225b:7a00:a:e047:753:a221
2600:9000:225e:e00:11:a4de:2580:93a1
2606:4700:10::6816:3556
2606:4700:3030::ac43:9391
2606:4700::6810:5614
2606:4700::6811:180e
2a00:1450:4001:808::2001
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2002
2a00:1450:4001:810::200a
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2003
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::2001
2a02:2638:3::3
2a02:2638:3::c
2a06:98c1:3120::3
2a06:98c1:3121::3
34.102.146.192
34.120.107.143
34.96.70.87
35.244.159.8
46.4.10.47
54.194.163.10
54.36.108.3
65.9.66.122
04fd3a2305c7dc6473b7fd2feb8b73778e7d8a6f92f2523857a145c77f399259
06eb9b648fd1429d0cef25265009259c35f053a76118194b4073c98e161812be
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
08b3fc8ab4ac100947518d524b28e12a545832e69d38852029ee851dc837676d
0b85ef18a8a56899a2b91ad4616d8ba824e56c88879dad3c23b69697058b3aad
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c1ac09766e0f1322a4aaafcf2192f7b1c69f26c3810f9f89f2238373decf8af
0dd63db78cedc8bee5838a6d1944c129094c97b9fc57489f5643d6da11d7bfe5
0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849
10227d4b6da0ccc2a8944e7acb8db3349164ba2475bbcfaa5a58955daba997ff
10921def84fcc2ca0978321d156b1b65940fe30b328bd003cdd6a4e4792e24a1
15efd616a12ec9db8a03a05228105267a5a6b20fa0aed22f642ad81d0c98a02b
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
1a2f962e47e4ec7e48aa29f054eae0fdf49a666d11222c3f72e04247d37a3ae9
1a6f4f68fdea10f9ae1d3c1d858fb2dc4e361528290d4c3a9a3404db3f6afbef
1aae9f898179597d40812a0689b3c6b8cd94b7de9eaed27262199393981207ae
25789dda889deb19cab21ecb31239ccaf76630fd5f70d27c95c2b6b99187a43c
2b3cf9d2fd5fde29aa02875cc3f7a61f899567762830b834c3ada948b4622ab3
2b4cc063a23b35749b179b99bdb852c968aeca98886d97d6c32961edae25adff
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31f02fb9a8ae77e5d8bb229bf73f473f783e8155042655926cafca211cd11c98
36d9a942cca5b9f6a701720465c53f4e92093e224af0181bd4455b20a45e0957
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
3d55476038dfe34a53d1e5be0d78fa70b2dde6720d622be9ff8b9c9008b0de52
414caa66bb79bc88c1ba6a2a415d2333c0a01aab1c15f74684dfa7542a97d2f7
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
475fd532f80a36494ddd71f67913b28bf62763f3d63045613f6e2bcd1f647f4f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c3e8276a03b75d40fdbc5b40e665022127cbbd1722b6de06839ca69f664b7af
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
51881959e618fd23b6bec2ea2790a023e4befbe3f5e4bf738dc41714638053a0
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c00e3cf2c18c9259b4ee51adf37fa8f416a6a35201b2b9c2aa5f7457cdcb428
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6511c49ad2da79efffa24912c9b244776702a27bc8bdd4afc2855f646b443e10
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
69bcc20a0f78118f5bcdda4fba6598815b9c0ece19e3211f7505c6f0f8d40190
6bd00a44a456f30078ee922c40a88137e17d0e3b28a6ca770ef069ed9bd44fcf
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
702662ed5ba202f0771642b44b12f7b9f04d2e1712dcccddeabc8655476e1940
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
7beb67896e969bca947fdfbd1f11e20ae0e5989f7a444bc69c0eba234fd7bbca
7cb3d35b55d42ce147dd843386871c72ad7d78bd3c60a49b1099e41881556f2b
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
89f2d1f27a52fb515390326a25785ee499c5e84572da9ba7b7ad0807f658924c
8a10c8b54e1c59596f5caa93f72615a4a67f92567abfb376bfe7ca630aa6107f
8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f
8de3a8714784213ac60c3bfa981c4c7ac0d18d07366888302660a0a3918c2249
8f97551cd42fb0f44e1cf044aeb604a6fbe24d0b3eed6acc81721649167097cd
9148103ca9f6c497dfde5e5342128ea3e6341e2b1469a5241947164bec5c1240
99bcb1c88785781418083b5ec2ef0f49dc98e6b5230cbfe0215c8945a58cd948
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0691590289efab8aecb842f768940fb34fc23791ca890f77b1e6b7aeec03126
a0eda4cec4632f9fb08418ba565380acae7551a8939f1250f119f47d48cf959c
a18ced1ed8495346815438bdd1bd7d7d15f812cbfb087384b1a96ec18ad54a72
a195b24c93fe857115ce6c2170b8ce99da4f44daf9110842fe06fd72d19a9276
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a424af0227b9f4d0d456c19cafa6c3894c9d16353289ac5f0fc2d0409dc0a9de
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a7e1fce0f4ca98d191cf972d38b5f416ae0fe18ad15cf42ef4c73aacab0510dd
a976cc60761ae1e5d55361726238e9243fc7062e9c8b6344ec604d1152cc8986
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b02f712bafaaaf093abcbe50187969700636642c4a9b659974eae2da90b2f914
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4d6967c4bafb227f8fd6f0c659da9297bc719b6d4b5c37216244e6bc3e0d609
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
b5bc421a51791bbbee22e0de81f887fa44756eb90ef1875e2db76cff17832140
bba9d42a99e14dd0a941da96c2b45893cc24ae3fbfb000c8aeb0eaa1ab028169
bccc77626415983950af29ea7c4b2d969a6ebaa8f1f71802f3886e9299189fe1
bd39a41d0d4217a4f04f38081faf09365353cbd9f37f05008e1fe6d9bb5a8319
be4a85e01f0b87c03fea7148e9567ea1728b4459422933e459ce0b95799c0570
bf993c352a9c882af60619f9ba8b4d66c442be85875d78497571023b2aa5d28d
bfd2899911ac644593b3c7eca3c60296a4acc922d2d7b31aebb10ca02dd7fb7c
c0e164a9ebb0c15e7b6f1d1b6216b21bf6d566e9d009233ffc8a9185cae227ff
c0f27ee92a26e2bbb2393e7695351be1c91d890492943f52cf18fcfd899666ed
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
c656596b59b73b691d3d52745224e18e2f692fd34b9fa97d7170467001f584f8
c933b803d23dd223840fcc4e13acde710b267913775e9d49f64a88d3d26f45ff
cd736856f82fb1671d1efa96c6b1272aa38b89bd767d8e67c78e30e8029e940a
d04a8585ca1c9cbff59e413fe76da6b8dcf3c567cbc68ec436b852d7f1694df1
d376b8f5155cce923f1d9eb3e08974def3f0e51f10df79bd02d35a8275f9c6a6
d66b4e8556dec780a3be1e72c2bacfac5f379f6977f2886254908e5f87db6bd6
da98cd654dbc6d46ffa1de5d5005b3f842e2341ace1bea3bab72efa6cb92344c
dfa586fa8b70c056272ef189e613dc9f6bcb8f9b659259219fa776f639dd3374
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e26cdf84ea6019cb4505a4bd4e24b6c8cdc08f18a5ecf7c0a8668f0af945d64f
e31ebf113144bd88c51f9344ae69e9a0533f0484c7876157b5ce7afab3f279dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f3825ab5a948a650d9276b8c3ed43db6f36ac1e7d150c134bc2685e537131b
f38e373a688607ccbc8503ad471aa3bb21d32725d46834eefb73980b9b83e789

www.rafyon.net Open in urlscan Pro 2a06:98c1:3120::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

138 Requests

91 %HTTPS

59 %IPv6

27 Domains

41 Subdomains

40 IPs

5 Countries

1742 kBTransfer

4161 kBSize

17 Cookies

4 Outgoing links

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.rafyon.net Open in urlscan Pro
2a06:98c1:3120::3 Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

91 %
HTTPS

59 %
IPv6

27
Domains

41
Subdomains

40
IPs

5
Countries

1742 kB
Transfer

4161 kB
Size

17
Cookies

138 HTTP transactions
4 data transactions